threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Submission: On April 04 via api (April 4th 2022, 3:23:38 pm UTC) from US — Scanned from DE

Summary HTTP 581 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 108 IPs in 12 countries across 97 domains to perform 581 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 147547.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
19	65.9.66.117 65.9.66.117	16509 (AMAZON-02) (AMAZON-02)
54	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:303... 2606:4700:3031::6815:456d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2600:9000:205... 2600:9000:2057:1200:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2600:9000:21f... 2600:9000:21f3:da00:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 13	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
6	65.9.62.173 65.9.62.173	16509 (AMAZON-02) (AMAZON-02)
1 9	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
8	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	104.89.31.187 104.89.31.187	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
2	54.154.15.255 54.154.15.255	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.195.5.40 51.195.5.40	16276 (OVH) (OVH)
6	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
4 6	2620:116:800d... 2620:116:800d:21:fcb8:22d2:d390:5f1b	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
9	3.14.222.76 3.14.222.76	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
3	18.196.121.26 18.196.121.26	16509 (AMAZON-02) (AMAZON-02)
4	2602:803:c004... 2602:803:c004:200::140	26667 (RUBICONPR...) (RUBICONPROJECT)
1	18.157.232.7 18.157.232.7	16509 (AMAZON-02) (AMAZON-02)
4 14	185.33.223.38 185.33.223.38	29990 (ASN-APPNEX) (ASN-APPNEX)
5	213.19.147.43 213.19.147.43	26120 (RHYTHMONE) (RHYTHMONE)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 17	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	23.32.59.34 23.32.59.34	16625 (AKAMAI-AS) (AKAMAI-AS)
2 6	63.251.14.14 63.251.14.14	14744 (INTERNAP-...) (INTERNAP-BLOCK-4)
5	52.28.203.152 52.28.203.152	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 6	134.209.131.220 134.209.131.220	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 3	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
1	54.194.228.85 54.194.228.85	16509 (AMAZON-02) (AMAZON-02)
2	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	34.248.191.66 34.248.191.66	16509 (AMAZON-02) (AMAZON-02)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
1	2600:9000:206... 2600:9000:206f:b800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:400c:c01::9c	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2 3	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dc9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 4	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	65.9.66.69 65.9.66.69	16509 (AMAZON-02) (AMAZON-02)
13 45	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 9	23.35.228.247 23.35.228.247	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2.20.85.92 2.20.85.92	16625 (AKAMAI-AS) (AKAMAI-AS)
3	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY)
2	23.35.233.56 23.35.233.56	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4216:99f2:7ef8:5bca:944d	14618 (AMAZON-AES) (AMAZON-AES)
2 3	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
6 6	18.184.26.136 18.184.26.136	16509 (AMAZON-02) (AMAZON-02)
9 10	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3 3	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
6 6	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
4 10	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
7 7	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	154.54.250.49 154.54.250.49	26558 (FREEWHEEL) (FREEWHEEL)
2 2	52.213.21.147 52.213.21.147	16509 (AMAZON-02) (AMAZON-02)
3 4	2a05:d018:d29... 2a05:d018:d29:3605:2e02:fe1c:9c40:529	16509 (AMAZON-02) (AMAZON-02)
2 2	3.122.208.3 3.122.208.3	16509 (AMAZON-02) (AMAZON-02)
1	72.251.232.228 72.251.232.228	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	81.222.128.215 81.222.128.215	20597 (ELTEL-AS) (ELTEL-AS)
2 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
6	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1 2	2a02:fa8:8806... 2a02:fa8:8806:20::2040	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2	63.34.46.247 63.34.46.247	16509 (AMAZON-02) (AMAZON-02)
1	13.115.149.166 13.115.149.166	16509 (AMAZON-02) (AMAZON-02)
2 2	217.66.147.164 217.66.147.164	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
1 1	213.87.44.187 213.87.44.187	13174 (MTSNET Mo...) (MTSNET Moscow)
2	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	52.71.178.197 52.71.178.197	14618 (AMAZON-AES) (AMAZON-AES)
1 3	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	159.203.145.121 159.203.145.121	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a02:26f0:ef:... 2a02:26f0:ef::5c7b:c2a1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 6	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	104.89.20.125 104.89.20.125	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	134.209.129.254 134.209.129.254	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	205.185.216.42 205.185.216.42	20446 (STACKPATH...) (STACKPATH-CDN)
3 4	3.122.58.191 3.122.58.191	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 8	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
3 3	64.74.236.31 64.74.236.31	19024 (INTERNAP-...) (INTERNAP-BLK5)
1	34.248.76.8 34.248.76.8	16509 (AMAZON-02) (AMAZON-02)
1	67.202.105.21 67.202.105.21	32748 (STEADFAST) (STEADFAST)
2	185.86.139.93 185.86.139.93	201081 (SMARTADSE...) (SMARTADSERVER)
8	79.125.2.154 79.125.2.154	16509 (AMAZON-02) (AMAZON-02)
2 3	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
3	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 4	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
2 2	96.16.141.156 96.16.141.156	16625 (AKAMAI-AS) (AKAMAI-AS)
1	178.162.133.148 178.162.133.148	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	18.235.91.242 18.235.91.242	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4680:5b76:7408:bdd4:1592	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.84.59.198 54.84.59.198	14618 (AMAZON-AES) (AMAZON-AES)
1	2.20.85.164 2.20.85.164	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 3	52.94.220.185 52.94.220.185	16509 (AMAZON-02) (AMAZON-02)
2 4	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
1 13	52.17.2.116 52.17.2.116	16509 (AMAZON-02) (AMAZON-02)
3 3	70.42.32.31 70.42.32.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	34.232.92.67 34.232.92.67	14618 (AMAZON-AES) (AMAZON-AES)
1	129.159.70.95 129.159.70.95	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
1 1	104.89.42.102 104.89.42.102	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	54.155.65.255 54.155.65.255	16509 (AMAZON-02) (AMAZON-02)
3	34.241.76.6 34.241.76.6	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1 1	202.241.208.54 202.241.208.54	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1 4	185.86.139.115 185.86.139.115	201081 (SMARTADSE...) (SMARTADSERVER)
581	108

34 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 65.9.66.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-117.fra56.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3031::6815:456d (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:2057:1200:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:21f3:da00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 65.9.62.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-62-173.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.2.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ins.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.31.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-187.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.15.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-15-255.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.195.5.40 (France)

ASN16276 (OVH, FR)
PTR: p17.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:116:800d:21:fcb8:22d2:d390:5f1b (United States) 4 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 3.14.222.76 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-14-222-76.us-east-2.compute.amazonaws.com

capi-tier-2-us-east-2.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.196.121.26 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-121-26.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.157.232.7 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-232-7.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.33.223.38 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.43 (Utrecht, Netherlands)

ASN26120 (RHYTHMONE, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gift-connect-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.32.59.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-59-34.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 63.251.14.14 (United States) 2 redirects

ASN14744 (INTERNAP-BLOCK-4, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 134.209.131.220 (North Bergen, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.40.89.200 (Ashburn, United States) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.228.85 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-228-85.eu-west-1.compute.amazonaws.com

kaspersky.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

kaspersky.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.191.66 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-191-66.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:b800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c01::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7eaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dc9 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

9582686.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-69.fra56.r.cloudfront.net

math-aids-threatpost-tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 142.250.185.226 (United States) 13 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.35.228.247 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.20.85.92 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-85-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.129.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.233.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-233-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:99f2:7ef8:5bca:944d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.125 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.184.26.136 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-26-136.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 3.126.56.137 (Frankfurt am Main, Germany) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.244 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.4.28 (Denmark) 6 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 15.197.193.217 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.234.233 (Frankfurt am Main, Germany) 7 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.54.250.49 (United States) 1 redirects

ASN26558 (FREEWHEEL, US)

1f2e7.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.21.147 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-21-147.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a05:d018:d29:3605:2e02:fe1c:9c40:529 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.208.3 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-208-3.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.232.228 (United States)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Rheinfelden, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.222.128.215 (Russian Federation) 1 redirects

ASN20597 (ELTEL-AS, RU)
PTR: ad15.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:20::2040 (Singapore) 1 redirects

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.34.46.247 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-46-247.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.115.149.166 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-115-149-166.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.66.147.164 (St Petersburg, Russian Federation) 2 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-164-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.87.44.187 (Russian Federation) 1 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-187-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.150 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.71.178.197 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-178-197.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.203.145.121 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:ef::5c7b:c2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.89.20.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-20-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.129.254 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.122.58.191 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-58-191.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 209.54.180.144 (Ashburn, United States) 4 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.74.236.31 (United States) 3 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.76.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.93 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 79.125.2.154 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (Utrecht, Netherlands) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.195.155.181 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 96.16.141.156 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-141-156.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.148 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1.go.sonobi.com

go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.91.242 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-91-242.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4680:5b76:7408:bdd4:1592 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.84.59.198 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-59-198.compute-1.amazonaws.com

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.85.164 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-85-164.deploy.static.akamaitechnologies.com

dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.94.220.185 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.91 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 52.17.2.116 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 70.42.32.31 (United States) 3 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.92.67 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-92-67.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 129.159.70.95 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.42.102 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.65.255 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-65-255.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.241.76.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.54 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.86.139.115 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125	430 KB
78	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 9582686.fls.doubleclick.net — Cisco Umbrella Rank: 340449 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 ad.doubleclick.net — Cisco Umbrella Rank: 190 Failed googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	436 KB
56	threatpost.com threatpost.com — Cisco Umbrella Rank: 147547 assets.threatpost.com — Cisco Umbrella Rank: 399303 media.threatpost.com — Cisco Umbrella Rank: 354086	1 MB
40	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	318 KB
26	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3428 cds.connatix.com — Cisco Umbrella Rank: 3539 capi.connatix.com — Cisco Umbrella Rank: 3917 lit.connatix.com — Cisco Umbrella Rank: 7406 ins.connatix.com — Cisco Umbrella Rank: 5944 capi-tier-2-us-east-2.connatix.com — Cisco Umbrella Rank: 4444 vid.connatix.com — Cisco Umbrella Rank: 4140 img.connatix.com — Cisco Umbrella Rank: 4251	2 MB
21	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1406 math-aids-threatpost-tagan.adlightning.com	445 KB
20	yahoo.com 12 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 795 c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1133 ups.analytics.yahoo.com — Cisco Umbrella Rank: 287 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 370 ads.yahoo.com — Cisco Umbrella Rank: 1030	8 KB
20	rubiconproject.com 7 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 450 eus.rubiconproject.com — Cisco Umbrella Rank: 551 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1110 token.rubiconproject.com — Cisco Umbrella Rank: 669 pixel.rubiconproject.com — Cisco Umbrella Rank: 348 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1170	39 KB
19	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 245 acdn.adnxs.com — Cisco Umbrella Rank: 560 secure.adnxs.com — Cisco Umbrella Rank: 436	66 KB
19	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	460 KB
17	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1523 rtb.gumgum.com — Cisco Umbrella Rank: 1242 usersync.gumgum.com — Cisco Umbrella Rank: 3241	5 KB
17	openx.net 1 redirects teachingaids-d.openx.net — Cisco Umbrella Rank: 23504 us-u.openx.net — Cisco Umbrella Rank: 399 u.openx.net — Cisco Umbrella Rank: 730 eu-u.openx.net — Cisco Umbrella Rank: 1942 gift-connect-d.openx.net — Cisco Umbrella Rank: 13506	3 KB
17	amazon-adsystem.com 6 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 290 s.amazon-adsystem.com — Cisco Umbrella Rank: 278 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1196	49 KB
16	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	3 KB
10	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 326	3 KB
10	casalemedia.com 1 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 470 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 536 dsum.casalemedia.com — Cisco Umbrella Rank: 1319	9 KB
9	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 2023 Failed public.servenobid.com — Cisco Umbrella Rank: 4173	7 KB
8	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 446 ads.pubmatic.com — Cisco Umbrella Rank: 453	29 KB
8	1rx.io 2 redirects tag.1rx.io — Cisco Umbrella Rank: 1309 sync.1rx.io — Cisco Umbrella Rank: 534	2 KB
8	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 405 fonts.googleapis.com — Cisco Umbrella Rank: 45	707 KB
8	gstatic.com www.gstatic.com	310 KB
7	stickyadstv.com 7 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 668	6 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 385 www.linkedin.com — Cisco Umbrella Rank: 595 px4.ads.linkedin.com — Cisco Umbrella Rank: 4868	4 KB
7	serverbid.com 3 redirects e.serverbid.com — Cisco Umbrella Rank: 3180 sync.serverbid.com — Cisco Umbrella Rank: 5979	1 KB
7	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 566 eb2.3lift.com — Cisco Umbrella Rank: 325	4 KB
7	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 24025	322 KB
6	smartadserver.com 1 redirects ssbsync.smartadserver.com — Cisco Umbrella Rank: 1219 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 626	2 KB
6	adform.net 6 redirects c1.adform.net — Cisco Umbrella Rank: 571	3 KB
6	advertising.com 6 redirects pixel.advertising.com — Cisco Umbrella Rank: 350	2 KB
6	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 602 ce.lijit.com — Cisco Umbrella Rank: 908	3 KB
6	quantserve.com 4 redirects secure.quantserve.com — Cisco Umbrella Rank: 962 pixel.quantserve.com — Cisco Umbrella Rank: 418 cms.quantserve.com — Cisco Umbrella Rank: 1104	12 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	40 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5640 adservice.google.de — Cisco Umbrella Rank: 8069	2 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	388 KB
4	emxdgt.com 2 redirects cs.emxdgt.com — Cisco Umbrella Rank: 884	473 B
4	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 1004 go.sonobi.com — Cisco Umbrella Rank: 761	2 KB
4	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	2 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 389 mug.criteo.com — Cisco Umbrella Rank: 2685	1 KB
3	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 835	1 KB
3	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 531 i6.liadm.com — Cisco Umbrella Rank: 1596	1 KB
3	zemanta.com 3 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 558	2 KB
3	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 841	1 KB
3	mts.ru 3 redirects sm.rtb.mts.ru — Cisco Umbrella Rank: 30626 tech.rtb.mts.ru — Cisco Umbrella Rank: 31046	2 KB
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 438	2 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 515	2 KB
3	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 709	5 KB
3	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 896	2 KB
3	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1149	806 B
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1085	337 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1906 mp.4dex.io — Cisco Umbrella Rank: 2659	24 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 208 kaspersky.demdex.net — Cisco Umbrella Rank: 256293	5 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1658 id5-sync.com — Cisco Umbrella Rank: 607	12 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 650	695 B
2	createjs.com code.createjs.com — Cisco Umbrella Rank: 1360	125 KB
2	stackadapt.com 2 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 822	947 B
2	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 613	382 B
2	yieldmo.com ads.yieldmo.com — Cisco Umbrella Rank: 611	69 B
2	dotomi.com 1 redirects dclk-match.dotomi.com — Cisco Umbrella Rank: 2899 casale-match.dotomi.com — Cisco Umbrella Rank: 3115	290 B
2	rfihub.com 2 redirects a.rfihub.com — Cisco Umbrella Rank: 2983 p.rfihub.com — Cisco Umbrella Rank: 725	2 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 800 s.tribalfusion.com — Cisco Umbrella Rank: 2468	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 873	1 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 489	1 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1005	344 B
2	everesttech.net 2 redirects cm.everesttech.net — Cisco Umbrella Rank: 1018 sync-tm.everesttech.net — Cisco Umbrella Rank: 575	747 B
2	omtrdc.net kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 233441	561 B
2	kasperskycontenthub.com kasperskycontenthub.com — Cisco Umbrella Rank: 350744	1 KB
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1857	694 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 587	383 B
1	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 654	201 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 469	1 KB
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 933	44 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1184	293 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1001	428 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 599
1	extend.tv 1 redirects sync.extend.tv — Cisco Umbrella Rank: 1707	546 B
1	33across.com pixel.33across.com — Cisco Umbrella Rank: 2431
1	bing.com c.bing.com — Cisco Umbrella Rank: 230	593 B
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 7077	5 KB
1	chocolateplatform.com cs.chocolateplatform.com — Cisco Umbrella Rank: 2166	68 B
1	adingo.jp cc.adingo.jp — Cisco Umbrella Rank: 3260	44 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44250	511 B
1	adriver.ru 1 redirects ssp.adriver.ru — Cisco Umbrella Rank: 11890	340 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1593	584 B
1	adgrx.com cm.adgrx.com — Cisco Umbrella Rank: 1479	408 B
1	fwmrm.net 1 redirects 1f2e7.v.fwmrm.net — Cisco Umbrella Rank: 4405	511 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1007	183 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 938	3 KB
1	t.co t.co — Cisco Umbrella Rank: 463	336 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 518	459 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 894	354 B
1	ipify.org geo.ipify.org — Cisco Umbrella Rank: 63408	646 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 622	6 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1664	17 KB
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 134181	48 KB
0	inmobi.com Failed sync.inmobi.com Failed
0	avads.net Failed ads.avads.net Failed
0	wbtrk.net Failed um.wbtrk.net Failed
581	97

	Domain	Requested by
45	cm.g.doubleclick.net	13 redirects googleads.g.doubleclick.net u.openx.net 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com eb2.3lift.com ssum-sec.casalemedia.com g2.gumgum.com
40	s0.2mdn.net	imasdk.googleapis.com tagan.adlightning.com s0.2mdn.net ad.doubleclick.net 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
39	tpc.googlesyndication.com	tagan.adlightning.com 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com ad.doubleclick.net tpc.googlesyndication.com
35	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net tpc.googlesyndication.com 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com tagan.adlightning.com ad.doubleclick.net www.googletagservices.com
32	threatpost.com	threatpost.com
19	www.googletagservices.com	threatpost.com 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com tagan.adlightning.com s0.2mdn.net
19	tagan.adlightning.com	threatpost.com tagan.adlightning.com 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
15	googleads.g.doubleclick.net	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com tagan.adlightning.com
14	ib.adnxs.com	4 redirects qd.admetricspro.com cds.connatix.com googleads.g.doubleclick.net acdn.adnxs.com
14	assets.threatpost.com	threatpost.com assets.threatpost.com
13	rtb.gumgum.com	1 redirects g2.gumgum.com
13	www.google.com	1 redirects threatpost.com tagan.adlightning.com 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
10	match.adsrvr.org	4 redirects u.openx.net 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com eb2.3lift.com ssum-sec.casalemedia.com
10	ups.analytics.yahoo.com	9 redirects googleads.g.doubleclick.net
10	media.threatpost.com	threatpost.com
9	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com	securepubads.g.doubleclick.net tagan.adlightning.com
9	capi-tier-2-us-east-2.connatix.com	cd.connatix.com
8	s.amazon-adsystem.com	4 redirects eb2.3lift.com ssum-sec.casalemedia.com ssbsync.smartadserver.com
8	ads.servenobid.com	qd.admetricspro.com public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com ssbsync.smartadserver.com
8	www.gstatic.com	www.google.com 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
7	ads.stickyadstv.com	7 redirects
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	eus.rubiconproject.com	qd.admetricspro.com eus.rubiconproject.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com g2.gumgum.com
6	eb2.3lift.com	3 redirects qd.admetricspro.com eb2.3lift.com
6	googleads4.g.doubleclick.net	threatpost.com ad.doubleclick.net
6	c1.adform.net	6 redirects
6	pixel.advertising.com	6 redirects
6	us-u.openx.net	1 redirects googleads.g.doubleclick.net u.openx.net
6	e.serverbid.com	2 redirects qd.admetricspro.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6	vid.connatix.com	cd.connatix.com cds.connatix.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
6	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com securepubads.g.doubleclick.net
6	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
5	ads.pubmatic.com	cds.connatix.com qd.admetricspro.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com g2.gumgum.com
5	px.ads.linkedin.com	3 redirects eb2.3lift.com
5	tag.1rx.io	qd.admetricspro.com cds.connatix.com
5	www.googletagmanager.com	threatpost.com www.googletagmanager.com
5	cds.connatix.com	threatpost.com cd.connatix.com
4	rtb-csync.smartadserver.com	1 redirects ssbsync.smartadserver.com
4	pixel.rubiconproject.com	2 redirects g2.gumgum.com
4	cs.emxdgt.com	2 redirects serverbid-sync.nyc3.cdn.digitaloceanspaces.com g2.gumgum.com
4	x.bidswitch.net	3 redirects eb2.3lift.com
4	pr-bh.ybp.yahoo.com	3 redirects ssum-sec.casalemedia.com
4	eu-u.openx.net	u.openx.net
4	dsum-sec.casalemedia.com	googleads.g.doubleclick.net ssum-sec.casalemedia.com
4	fonts.googleapis.com	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
4	pixel.quantserve.com	3 redirects threatpost.com
4	ap.lijit.com	qd.admetricspro.com public.servenobid.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
3	usersync.gumgum.com	g2.gumgum.com
3	sync.outbrain.com	3 redirects
3	aax-eu.amazon-adsystem.com	2 redirects
3	token.rubiconproject.com	3 redirects
3	sync.go.sonobi.com	public.servenobid.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3	sync.1rx.io	2 redirects public.servenobid.com g2.gumgum.com
3	b1sync.zemanta.com	3 redirects
3	onetag-sys.com	1 redirects 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com public.servenobid.com
3	sync.mathtag.com	3 redirects
3	sync.search.spotxchange.com	2 redirects googleads.g.doubleclick.net
3	u.openx.net	cds.connatix.com qd.admetricspro.com
3	acdn.adnxs.com	cds.connatix.com qd.admetricspro.com
3	js-sec.indexww.com	cds.connatix.com qd.admetricspro.com
3	adservice.google.com	tagan.adlightning.com 9582686.fls.doubleclick.net
3	adservice.google.de	tagan.adlightning.com adservice.google.com
3	unpkg.com	2 redirects
3	prebid.a-mo.net	1 redirects qd.admetricspro.com cds.connatix.com
3	c2shb.ssp.yahoo.com	qd.admetricspro.com
3	htlb.casalemedia.com	qd.admetricspro.com cds.connatix.com
3	teachingaids-d.openx.net	qd.admetricspro.com cds.connatix.com
3	hbopenbid.pubmatic.com	qd.admetricspro.com cds.connatix.com
3	btlr.sharethrough.com	qd.admetricspro.com
2	creativecdn.com	2 redirects
2	secure.adnxs.com	2 redirects
2	i.liadm.com	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	ce.lijit.com	2 redirects
2	ssum-sec.casalemedia.com	1 redirects public.servenobid.com
2	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
2	code.createjs.com	s0.2mdn.net
2	sync.srv.stackadapt.com	2 redirects
2	pixel-sync.sitescout.com	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com ssum-sec.casalemedia.com
2	sm.rtb.mts.ru	2 redirects
2	ads.yieldmo.com	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
2	pm.w55c.net	2 redirects
2	match.prod.bidr.io	2 redirects
2	sync.teads.tv	googleads.g.doubleclick.net
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	ad.doubleclick.net	tagan.adlightning.com
2	math-aids-threatpost-tagan.adlightning.com	tagan.adlightning.com
2	9582686.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	c2shb.pubgw.yahoo.com	cds.connatix.com
2	www.google.de	threatpost.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	kaspersky.d3.sc.omtrdc.net	media.kaspersky.com
2	img.connatix.com	threatpost.com
2	id5-sync.com	qd.admetricspro.com cdn.id5-sync.com
2	script.4dex.io	qd.admetricspro.com script.4dex.io
2	dpm.demdex.net	media.kaspersky.com threatpost.com
2	kasperskycontenthub.com	threatpost.com
1	pixel-us-east.rubiconproject.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	tg.socdm.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	bh.contextweb.com	1 redirects
1	ad.360yield.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	g2.gumgum.com
1	sync.ipredictive.com	1 redirects
1	id.rlcdn.com
1	ads.yahoo.com
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	sync.extend.tv	1 redirects
1	i6.liadm.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	gift-connect-d.openx.net	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	go.sonobi.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	p.rfihub.com	1 redirects
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	c.bing.com	eb2.3lift.com
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	public.servenobid.com	qd.admetricspro.com
1	cs.chocolateplatform.com	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
1	cms.quantserve.com	1 redirects
1	tech.rtb.mts.ru	1 redirects
1	cc.adingo.jp	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	dclk-match.dotomi.com	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
1	a.rfihub.com	1 redirects
1	ssp.adriver.ru	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	cm.adgrx.com	googleads.g.doubleclick.net
1	1f2e7.v.fwmrm.net	1 redirects
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	snap.licdn.com	www.googletagmanager.com
1	t.co	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	rules.quantcount.com	secure.quantserve.com
1	geo.ipify.org	qd.admetricspro.com
1	cm.everesttech.net	1 redirects
1	kaspersky.demdex.net	tagan.adlightning.com
1	mp.4dex.io	qd.admetricspro.com
1	tlx.3lift.com	qd.admetricspro.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	ins.connatix.com	cd.connatix.com
1	lit.connatix.com	cd.connatix.com
1	capi.connatix.com	cd.connatix.com
1	cd.connatix.com	1 redirects
1	media.kaspersky.com	threatpost.com
0	sync.inmobi.com Failed	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
0	ads.avads.net Failed	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
0	um.wbtrk.net Failed	451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
581	162

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
cve.mitre.org
chromereleases.googleblog.com
cwe.mitre.org
www.clearskysec.com
securelist.com
blog.google
www.virustotal.com
bit.ly
akismet.com
t.co
media.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
assets.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
media.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-31` - `2023-03-31`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh
e.serverbid.com R3	`2022-01-17` - `2022-04-17`	3 months	crt.sh
*.a-mo.net R3	`2022-02-18` - `2022-05-19`	3 months	crt.sh
*.d3.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-03-07`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
teads.tv R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
cs.chocolateplatform.com ZeroSSL RSA Domain Secure Site CA	`2022-03-31` - `2022-06-29`	3 months	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-17`	a year	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-28` - `2022-09-28`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh

This page contains 87 frames:

Primary Page: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Frame ID: A2EC376AF34E6D34B7F727354D5DDB23
Requests: 154 HTTP requests in this frame

Frame: https://cds.connatix.com/p/157383/connatix.player.dc.js
Frame ID: FAC580EAA8371D6B85C1A875A81CF425
Requests: 23 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: CDF8C3CF24AE9C808F9C4F744B308478
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.508.0_en.html
Frame ID: 7B4AFE01D764612A2B10D609A146BD59
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.508.0_en.html
Frame ID: 11133C34628C79D90BCB8B920E6B2C8F
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.508.0_en.html
Frame ID: D9F99B3ED08098734EBC36B6A37F0FDD
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Frame ID: B034A93A32DE8BC3569BF931E3AC30B3
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 7B8962A215D5727E55B78D12B6EBDD51
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 691FE72A5297F0CF9ABF0F1CAF5B719C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 774BEF445311F1D7D11ECC13376A1455
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F
Frame ID: 931EC5C51DBC457BEB750D767B0EC251
Requests: 1 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0DF2A49CB718B9B7D8D8E1646BED0054
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F
Frame ID: 0A757AB836B01908515C3B50967E0A49
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F753CE1D5F5257EB02516EBCC6123402
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 243FB46B83EB484002C5B0D20687578C
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F
Frame ID: 7302CF5FD5381A730F30DB61EC775885
Requests: 1 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 74213F669DF964FB8CD18F4BA36964A6
Requests: 12 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2130B689127AE0852742FB26043601E8
Requests: 12 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B5CC7A47F9F2894C55EC08572278B721
Requests: 12 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 43BF55650691B09232EDA3BE820DD54F
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNV1lM3i98qKgxtwNkrLLZ2G24cLJ90wA3DLT3G4XVxWir0-LKKjPRiLRN23FyUSkrgwGIbFoHjky9K3Lm74cyP_C1iKjnRbv8n4tZssdANj3-ziFak
Frame ID: 435737FEFE26A52FB6A4C4846F58F5BA
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNV6qefQOhiPs6_Yo6V6IYXpX-kU_DF_XhBiUBIdDP9wtyoevKoGBY5FI7Vva0LzYCjdEzbCXgBPrxvL2xtwiLy5Qbau3Vytw_Y-2JlTEsebd7YWozE
Frame ID: F1285265E878E222928AC22A3E8E363E
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV3RLWqTTI4GmOVyH3X4jtSB4NwOeE8hJ1-nOepw-NpAzpAHBLwhesNXCzBeOap7KpxW3Kq1LbhTvH9CPkuGnD4yPq9r-f3V4TpEcAJCmQEYRZi8Vc
Frame ID: BB09906E8A99FD7C90406501628C9B47
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 3AA910C443E41EA50C47FA40AA7F6C6C
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Frame ID: 9A169563DB5883661CE3BEDFAD7A6265
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8DDA3C88493A4957F72F0CC34C9FB440
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2D4789B1BB205CCDF95BC7D730D68DAA
Requests: 1 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;ord=xhg51e;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ2xNcA1LYoLAK9DugAfQt7zwCo3TqLRp6q_FpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJgCT9BGSceuREMVWcwQxYcpenxyIUDC__EvH-MFc98Cb6zA7dOefx5gjBtyrFt0-Jd2orNvIJNOnefKaCfbvvVQiWZHj9jyEYqw_XjAy4tFrXQHzAxc9LR6jiEyyX60ghhnp-6ddFutHrkBEDp8LFXXo8YvrIrYdI5TnNroXns_o6R_n5esyfQjIBUlihO7lTw5OXfqPRco0mUIjxiEwiHkhecF8q5JCTx0xtgGw-GbdBNTmYdGVQ5kAgtosyNGBRNJR4l7akNPRJVHF8HH4lEc-z4oKygGm6SFN11l73xUTzg5E-984Romvx7cfaytXplAakB8TcHP_Qqh0CQ-CTUADQYSGDfb2XDviGW8eko2uadbn_CUZtcDaMAE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiIYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoFvgNbJcoxvsfsAoUoIjVl3Dd7I-hmomqxElX-VcMLspX01JcbQ%26sig%3DAOD64_1f1njkMJ8_CdhANxZovO9Gft20wA%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-Bb04MlEHYS2AzS-5upnHE7hgCqARHH3Di9GqTH9OPOH-gxDPhwOa8hn2v1LFTmguyFbOTgEda0s-plogMC4NucvvJ_Giy2mYgkc7ntZoS1gw2EblBKkFzNkiuz1KGMRLtc9TF-xsWrAObbjufv_914blFSJw%26cry%3D1%26dbm_d%3DAKAmf-DF-z3fMs-deO4gm4pjceRzoDkQzggITd-lnDvX78OyQtrpD18DAbKxJmfVCXL9EwgiUENvjOJp0bD60TA5szobPKAwH44_S7SIu7L20mUDFmMH5oNCLmB4oXjAlzh-zvUdKg3VbpBHY1DSZhcbv8WHByLg8Z-RuKISX-k_UY6cQc7BDuTfwkPV9cgTi66NypTF5LejFyXC1hAKFXTcUg3JHf5zfUEfTAD3Ik_hDW1rWgZcdzK0QfcRWYqS1AIAdY9ZQRN4rahCSBEKUklhIN0ggdrlW_VVPzT_qZITsrdpG8tv09EzMeajKGt_b9WKggezU9c-aMHITsSKMvIEeH17S2sR-1TZJjjU4BLHe9fQu-jCDk0vXQyn0DVHmPsYKGltIKkCTrTyf-SQzMb4Xzm4zz_Ir2-9AU-x2NW1wOT6wzc4tOdANh1FkN4AuvJw4OAvhbsRoOvdpv35A1rfmCFHmwWIxI1GufibVvwurO-0y-vYNNxsrloTTH1GlfvarrXxq0pvzB6suQxzJyp4Gx2WZUDggJbeON5lq7oqieU3LRS3yE4%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=102;prcl=s
Frame ID: DD1DF31CDBDDDB3F686996F0D1C2ED36
Requests: 1 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 69A5328E203A1B4F610E91D8154CED1F
Requests: 14 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C8AE868B58644DA3DCA779A0F40E12A9
Requests: 13 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4DE6AA92C7F5009DBFD3EF0EF4A49348
Requests: 16 HTTP requests in this frame

Frame: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 947129CD25D9D36A34FFD32803A9ECDA
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNX1RWWT8vp13clGEZMCSPnfYoxcAt2F_DuAowFyKuhk8wgvw2hYe39DUgpgN4Chkbk_QinO78Gf5hgYPb_rtSZzfvwmYvlpK9UfwCIHMZDOa8_hmFM
Frame ID: FA31DC3BD1C9BFD7902870DA3F76334B
Requests: 4 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6743AF78E17CB251D90EFF2DDF736D54
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV5dI76KvFaX0L2r-4ewI5zbwJd0Qb64Nkiavc5_oNLO8SlFg_KAbbsPGpbI5In3QfitjA5FPVHgdLC7zYfqJTMGPY604gNfaIcmeoV85P2qRjFJOo
Frame ID: 041EE76465E07A35640D277DF32176A4
Requests: 5 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 58E1896DC9AB37DE3AB42297D99D24B2
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: FA5AD771C6868B7F685B70EC20C8BAFD
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E389F2A9634535B05B26364CE5FF6887
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 8C8029BE6B035E24702CC783589907A2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 500D3BBBDE5769B1CE9EFD40B6770587
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 16AA5315C72B4C4FF6B4545C80BFD162
Requests: 7 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 92B7CBC03AD4A8364D20E1C5BB75FD95
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: B7B86B388CF88E2890BBA5DE29956708
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNU8_W64Kx47TqNnhmBWRUnQb76enBQVThE2oMZm19uAkeHDBDPlQac51Wuj1Qv2WhACFc1jk2_9ipLhiXTmMw0KqoG2I8_DKrGZxZ0BaFGElCR4KQs
Frame ID: 0BE30CC39BF92D3E85081907CBC10CC4
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3E93889141BE9C047FB43557F16F7F21
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9E6A12674FDD603F1C3D00072ACCB99D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D6CBBCF5F39BB26978609C874984AA25
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 89B8B5E08CE7FF63DDFB0EE91D043856
Requests: 3 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;rc=1;ord=ydlnf6;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRYrZcg1LYpuCG8uYgQf8q7HIBo3TqLRp6q_FpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJICT9AP0i6xwmmF903ilmQJjDyaKei8Dis33YHptyNlcYOTECdNpgb7Vo9Wy3PnFgnkBcIbmUqo9CLlKQT8chHCEtCJ64-WtN0ySN2VGwuV-t4hCkOcs_JJRRDPEcoIXeRpwE88Kskmo_tbnUVZrkdGzVx3tWabakwzrSVoAwHOQqoxP7BQNvs7h4zHPQUsdYobtDdhmrGrqkSfla5GGa1QzonmW7MImJFAe7GpzEzicPt1IK2WTdli0WdeHnZ6OEApMfGrPzC37oFQIMfulz71hNuWyxHXfirspH5ZNCvgJl0P7cRBfBTDQje2H-csV_cfM0PbiJrS0KeIH9FR_wq9xfzvkiLrW4D_n7wz8fiF2R6q78AE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJORo2FIzl4o_MR7vOwEOPhnm0S_DMHOCJvPhuamMdjtqNMxbXQ%26sig%3DAOD64_19l8cl61lU2hcU0cmGS88MTJ9SlQ%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-ArmQ_k2akOq8TgpcNlmww2R3EjKxaVonNaXQVQZ6Xh-uqKexbeAnSl1odE6LLcHGxZh-2R6O63G2mnSlYmJutoXdsrW3QlDdWEDkiBWY2xfsoDXj69rJMbNOnP2FtzI4_mThtIAEJx4IzMn-Vbpnx73_DAow%26cry%3D1%26dbm_d%3DAKAmf-DiIrXwzSnn7JlWXTwhHqD0NlrmLaheN_6XPcJRGAsaX-GOqije0uA4bt9Xs9RMIx5hEaFxSE1Y22rindbueRYBLTztieNqeeGKaI4vhJhK7-5d8u0gVe1T0r0fiT35CLNAhdBd7xSN516S7rcQIenrbxP2ds1tHpDt_PgRr200TzQFc4jLLQtEXC3wVFI3LzMUHawFMmVU22kTAfYpibJODhp5_wg84LrVCsYY0_vSIFBfh7bcK_CDxSw0A5076o8Y_63xojeNEyYSbWlhXfFe9cg85D_Dq_zqN0qJBVHJojsr0qCCrLC73m-a-b4hrLIdWNOP5lQuAW7gXZURphr43_j-8z6KRWh6jeqEyX6K4b4_XKPf6eS2zeqXhL1jwgPFcDDyRKeyBS6-1KrgXeEaRCyX3xtK1wmB2jDkDUxvqr4jqBT9n4_q6ovuCUiEgl9Ve7gqGDMeSTNI5f6R9kkVPzJOh9yhCIzeqkje8UUS0fNfbp4w6Afcafqknp2JvQaPfc3w1Dhfjyu2HFp-hoxnrWEM30Q2CNhzbGlXu5EdSwRYjUY%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=95;rcsrc=h;prcl=s
Frame ID: AB9CA272191B10E82650AB0DB64840BF
Requests: 8 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;gdpr=0;dc_adk=2004672148;ord=thc4tj;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt6Axcg1LYpyCG8uYgQf8q7HIBo3TqLRpsrHFpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJgCT9CSflIKdjJh76ZEphDtVeHAudg_UJdernnLQzsAcuxni2bF2IeTeR5WvVe63wn6ETOUHCtrxKM6Gv_N6BaRTaj5u3cAaZ2Yayka9gd9U7tcHLlzHxE1qs28SfFtCe7PcGtWgWpLtRK8xpHEX0T3rlAv-n8uKoCnv05j06Zah6cde9fGA1xBxYtnoH3qu7QnSLI1qtguuevDw49-VMAOxPWNpn9IifuUozdldCfp7rKF1Km61bGq-Ka-aXUQyaXviE3lVB5mrKVXC7Y-HJUoPX4KiGDuVzuRibfUwJAJinzYdwuaQHnyncyWRrZ-jdXDdCVBJoclM5jQAcs1tjKI8Tsw-GYCRSzlPWVMJyQjhGgY0uiqLqw77sAE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJORoH_D-AVm3-lMEVFXjguhBCUzQ31Op7v_EJUUO1D6gWwUPNw%26sig%3DAOD64_1Ifd83NfSp77wWLG13IWJ_Xn-WEw%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-CraVKk-C0_PyVU3-KDIfmx-JaCd-P_e8Om0P_RN_6MpDMNPs3pW4t_3zXdbpY6nzknBNiaFZss08dc4haL8ODn0xwHYhfb69Tp0OxtxKuvc-R_xdWjwhOhIEupPJpJn1x1AZDQ8zLTT3Eg4_HezWMRI1GQ7Q%26cry%3D1%26dbm_d%3DAKAmf-B0YyRTtUDewsEDRfO8f6VY9oGKJFRy-EtGnhuJnwArcQDBR90SjKocUliB71FyXwqV5ZC9OIqDTSIvXbdIOweP9fkK73fIrmQNIeimxQQ_PgN2dbEajBoCpSeIkxLClqS8d1-nEVSvdZ048RkQHZLFR7ojdgn9Jn661LFaCEfDqKh44O6gMm2R6Yd61GVjxlLoeOxbpNtji972dtkYwGCXCPOIUUmLdaKZoScM7jiuAcFUU6DeQwwIxQaaCflU-j7NUX5tr6N2xQgfmjr6re7MHdfcob2cr1RsI4qcSrQ_D0klCwJGoY-fYzDAyyBBG5Kt1h8gMVoeQCDWFrr2vojF8eLpywUg6CJdM6cAjJ_R7TCZAVt5T_Lx1KZoOS8m-PnAg7B53jkTN-2-ZHmSLfyCz2o4g7AgaiuneJrIdPPM32hqKftvN95leWLCZlUy2QRGmtuy00_IRGrmFwAHjUycSXEUstRDpWxEfjPzDXODoUZS9IYqw4SyEjQY4FzjkQHftMBY53sZWt6exbG4f2VvSeBnZB9AfWH7B-nJePrxax32oUE%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=119;prcl=s
Frame ID: C305BEB1B011CCB53ABF3163A4C1F1C4
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
Frame ID: 952ED016E1A77D732E99E18EA30D3A9D
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0F59F78F87405999FA57FB5B14D51C10
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5A80F5AF5803F308BDD3A0B6D867A6CD
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5190F66F51FD0CC64F7818B07029A6F2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 12B6BC5F151E9AE7053CB9DB047A4316
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D3AFDF5F0EABFC8B5BB40C49E292E622
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 878D3C279FB3652AA59813129904DC5F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
Frame ID: DA2A98B01FA27FBF97D5454F446BB19F
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
Frame ID: 8EE6BB1AEF0B4678A0335BC9E51EA286
Requests: 14 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: D9DE9E33B2D26D90E80651EA3AF01F4C
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 037DF0F5C4147439C79FCD8C4FA3A678
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: C20555C98208D1C11742686E4B5CEB28
Requests: 9 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 915A93009251696D5155C9F4787FFDD1
Requests: 10 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: E1D22E49A7940E61558C1A0F4BC3735A
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: F5DDE53B8744675C660E2498919BA5AA
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 4EB3CEE1597B61EB1E0A6B3B1B3BC706
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858
Frame ID: 072646044C2CF3A636552803F7F19F78
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 0AC25FFA681AD350CCBC475A6CC6D621
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 432819FF3708CAE7EA040654A9DB69D7
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: DBD637059F242D5FCDA5CF38F32F6CE8
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 4B38AE1285FC77D10BFCD85D9B4D192F
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 61A7E0C92F91813273C8FCCB797029AD
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 0E4BB4312915B527E30BE492AEDF61BB
Requests: 10 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: 2D8213F4A3330A22EF72B54F7B15D288
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: B82EC20F3B70C3D12BE89FF7731A6881
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: A900D54CC0298018AB194A645FB9036A
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: B24F5F203CFE4D2226F75BEC867FD2A0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: 6C3F7C1433C7523FA3685ADB4BAA599D
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=3039624b-0d74-4700-b428-ff9fe7626b72&gdpr=0&gdpr_consent=
Frame ID: 8452DEA09CC30D730FF6CFB52149F1B6
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YksNbwAAAK5spAP0&gdpr=0&gdpr_consent=
Frame ID: 79E894C6A10F272CDF85D8FD8ED4198D
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xYmVhNjczNS1kYjdkLTQzMTUtYjM1MC1mMzAxNTdkNWFkNmE=&gdpr=0&gdpr_consent=
Frame ID: 82FB97D1E1D4DA3F231D395241382F39
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 3BD503DDFD61F1148895AADD2AED6810
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=6766d44e-e80f-4f86-93fa-4ff419910582&t=1651677814
Frame ID: EF200E4889AE730E4F1D15770A04D559
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: F4CFB2C21230272EB9BD485D2DDCAFBF
Requests: 3 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=6514661878502015300brt18711649085814339617f1
Frame ID: D60DF3557DC1541A2F6ED853583EFAEC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YksNdsCo5tAAAMJwevEAAAAA
Frame ID: 895CEF54AEB2736AE640F082CC1FDDF3
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=E9H03ZLi7ugWcW0gJcGL&pi=gumgum&tc=1
Frame ID: 507212067E9C19F6C3203405F17D92D4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch | Threatpost

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

581
Requests

83 %
HTTPS

26 %
IPv6

97
Domains

162
Subdomains

108
IPs

12
Countries

7126 kB
Transfer

17243 kB
Size

120
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609
Title: CVE-2022-0609

Search URL Search Domain Scan URL

URL: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Title: an update

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/416.html
Title: use-after-free

Search URL Search Domain Scan URL

URL: https://www.clearskysec.com/operation-dream-job/
Title: Operation Dream Job

Search URL Search Domain Scan URL

URL: https://securelist.com/operation-applejeus/87553/
Title: Operation AppleJeus

Search URL Search Domain Scan URL

URL: https://blog.google/threat-analysis-group/countering-threats-north-korea/
Title: a blog post

Search URL Search Domain Scan URL

URL: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Title: reported on

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/03a41d29e3c9763093aca13f1cc8bcc41b201a6839c381aaaccf891204335685
Title: exploit kit

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/295c20d0f0a03fd8230098fade0af910b2c56e9e5700d4a3344d10c106a6ae2a
Title: trojanized cryptocurrency applications

Search URL Search Domain Scan URL

URL: https://bit.ly/3Jy6Bfs
Title: FREE downloadable eBook

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://t.co/BPJICAG9rN
Title: https://t.co/BPJICAG9rN

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/09015533/ThreatpostMK_TEMPLATE.pdf
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/157383/connatix.player.dc.js

Request Chain 122

https://cm.everesttech.net/cm/dd?d_uuid=60126495426056198183468076719881961345 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksNbwAAAK5spAP0

Request Chain 169

https://unpkg.com/web-vitals HTTP 302
https://unpkg.com/web-vitals@2.1.4 HTTP 302
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js

Request Chain 178

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1649085808492%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%252F179103%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&liSync=true&e_ipv6=AQJQHn2F9P3OOgAAAX_1LIGkV1VG9I6HEwkEvdlw7tahfiN7VegmNsrt61kCbrTH-qmqW7LF3U1J8czb6cKwpuFC1LovVg

Request Chain 181

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F HTTP 302
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F

Request Chain 255

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0

Request Chain 256

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAA

Request Chain 258

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0

Request Chain 259

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAA

Request Chain 260

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIlJeqKtlwOY6iWip9Yozqc&google_cver=1

Request Chain 261

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUxNDY2MTg3ODUwMjAxNTMwMA%3D%3D

Request Chain 262

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1&gdpr=0

Request Chain 263

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDNlYWNmNGQtZTkwZi0yMzQ4LWQ1ZjEtNTIyZTg2ZDc1YjJk

Request Chain 320

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=a1gJuHxHNU9NYTZMdzJVVyt5TG4xRDFTNHd6dkZCTWVDVHVGTGVXeHN5UzBOZEtTSnY5ZERNYmw5bXZhd3NBQ01iandXUENuMUZzQjk1ZDREVmVUMkxBL2pPeXZwWTFkekE1WFYwelVld2ZDRHJOZ3VmcTdBaGFUYllMaVNMZTFxVlB1SFNMYWlhaGVaYkFnTGJ5YUZ1SjV4MXJaL0U0YWJqN3ppZEtLZGZxNk1ZUEova0JMTFJ4YnBuNER6U2RXT3hTTTNLNHJkc3hnWVVCbGEvVzRUZ0FSQi83T25qZjRkc0RNc2hZRWtWdEcrWlUwPXw&cppv=2

Request Chain 331

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDmCG16VwDtB-ktEhFneOIM&google_cver=1&gdpr=0

Request Chain 333

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESENZ2uz6Amfp-lGRs6EZBaao&google_cver=1&gdpr=0

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&uid=CAESEE5ypaI5XbqDNFJ6ReLxW2A&google_cver=1

Request Chain 335

https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=30246eb1-b42b-11ec-9926-10ffbde80206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MzAyNDZlNzUtYjQyYi0xMWVjLTk5MjYtMTBmZmJkZTgwMjA2

Request Chain 336

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1&gdpr=0 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEGEah9YPRo8IdRd_YjPOaJ8&_origin=1&gdpr=0&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEGEah9YPRo8IdRd_YjPOaJ8&_origin=1&gdpr=0&google_cver=1&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c

Request Chain 337

https://pixel.advertising.com/ups/55946/sync?_origin=1&gdpr=0&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&gdpr=0&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&gdpr=0&redir=true&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&gdpr=0&gdpr_consent=

Request Chain 338

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b6c9624b-0d74-4300-a349-2d62e1565b6c

Request Chain 339

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv

Request Chain 340

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4514158266698167182

Request Chain 343

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1

Request Chain 344

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3039624b-0d74-4700-b428-ff9fe7626b72

Request Chain 345

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv

Request Chain 346

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1610214913330412716

Request Chain 349

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1

Request Chain 351

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&gdpr=0&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&gdpr=0&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS10X0lIeWdCRTJ1Rk5rZVVURkRJUElzV3ZBVUVtajlnQ35B&gdpr=0&gdpr_consent=

Request Chain 352

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEBjn2XVVVGKDIijCYLfWxVo&google_cver=1&gdpr=0 HTTP 302
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=d63f995c618fda5d324a93489a4b3725&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d&gdpr=0 HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=pc023_7082769630838436178 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=6766d44e-e80f-4f86-93fa-4ff419910582 HTTP 302
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AADQjU7ElhsAADW9ogSpdQ&gdpr=0 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/stickyads/d63f995c618fda5d324a93489a4b3725?gdpr=0&gdpr_consent=&gdpr=0 HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-G.k8dvRE2oMGb3s0w1HKWHQ8A5qYOwBIOvxOVTkl~A HTTP 302
https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_ HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=TNComNIS1NBoyh5 HTTP 302
https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE

Request Chain 353

https://ads.stickyadstv.com/user-matching?id=11 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDYzZjk5NWM2MThmZGE1ZDMyNGE5MzQ4OWE0YjM3MjU=&gdpr=0&gdpr_consent=

Request Chain 370

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPG5QlH-isnAhB_-U4_RegQ&google_cver=1&google_push=AYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPG5QlH-isnAhB_-U4_RegQ&google_cver=1&google_push=AYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 371

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEP-PIgwpXpomrIVaXwuuIRs&google_cver=1&google_push=AYg5qPJXB6-HqBcZsuQy4l68aBcix7M3nlG2YNqOmGXmSUaAOS2hg__hvxum-VJIRF6piltuP-uzbIdnGOvIjS6HJRRpmf_o_Fqk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJXB6-HqBcZsuQy4l68aBcix7M3nlG2YNqOmGXmSUaAOS2hg__hvxum-VJIRF6piltuP-uzbIdnGOvIjS6HJRRpmf_o_Fqk

Request Chain 372

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGdPEDHB4xKZKToP3pOi4rI&google_cver=1&google_push=AYg5qPIinVZKFdX1tY3Sreg5dSvOs4IYUr6uNpRTXBOwIhD7qOvZYaD_nmlDsv8X6GhjNdjIcqa-fQVUNMcljBy_Ru1bf-Zid2ps HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4Mjc2OTYzMDg2Mzk0NzkxNg%3D%3D&google_push=AYg5qPIinVZKFdX1tY3Sreg5dSvOs4IYUr6uNpRTXBOwIhD7qOvZYaD_nmlDsv8X6GhjNdjIcqa-fQVUNMcljBy_Ru1bf-Zid2ps

Request Chain 373

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEFc6KyJq1q1tNRLpqGYW-to&google_cver=1&google_push=AYg5qPKgN7tPNJF1yQQ9abwlfDxpyb2wxuLpd6izFXKX_9nZ1REz3FAQFvnf04c28B7Iph1g5ZghGk6i1S7Oiek3qIFm-sCeFzD1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKgN7tPNJF1yQQ9abwlfDxpyb2wxuLpd6izFXKX_9nZ1REz3FAQFvnf04c28B7Iph1g5ZghGk6i1S7Oiek3qIFm-sCeFzD1&google_hm=QUYwQjNuM3EwT3RKWWhpR0d5M1N0Ync=

Request Chain 374

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEB-9O7lWbLpl5mW9KyS1-J0&google_cver=1&google_push=AYg5qPKZH5bs0norxN0-DQPgrjsSaBFmRI948HpOtVm5LywI4iQSz08oJ3_wlAlzxIfOXLg07_nfBnRnkQ2giSXdka1nAy3_NVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTYxMDIxNDkxMzMzMDQxMjcxNg&google_push=AYg5qPKZH5bs0norxN0-DQPgrjsSaBFmRI948HpOtVm5LywI4iQSz08oJ3_wlAlzxIfOXLg07_nfBnRnkQ2giSXdka1nAy3_NVQ

Request Chain 375

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVYNkSlYHbpVrgcX9cSuX8Tq_9bOuW5Ic8KcK9pelnohK0vbQ HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVYNkSlYHbpVrgcX9cSuX8Tq_9bOuW5Ic8KcK9pelnohK0vbQ&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVYNkSlYHbpVrgcX9cSuX8Tq_9bOuW5Ic8KcK9pelnohK0vbQ

Request Chain 376

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESECpnWGB5qq9Igl02bkB2gNE&google_cver=1&google_push=AYg5qPI9ZLuJxmNa6A4QYBI7SsttpcEiKAwjc93i5LijWjrVQ_yg5jKoQ-isGiecNk6vQB9HF6dq5UdnhEID0kXlXqGIoE-fSh6DIA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPI9ZLuJxmNa6A4QYBI7SsttpcEiKAwjc93i5LijWjrVQ_yg5jKoQ-isGiecNk6vQB9HF6dq5UdnhEID0kXlXqGIoE-fSh6DIA&google_hm=MTc4OTUxMjQzNTU2NDUxMTU2NQ==

Request Chain 382

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 399

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOgYk47vjnMFS_x3Jy0sexo&google_cver=1&google_push=AYg5qPKE6N--uw3pF2E3sYEHmFyesqb3fTUnPpV86ZuY_s9l5Ej2Oh3PwJ2hsmzS8jaEkEiKn69cfcOgGKWB1DDT2OB0AbP9tOVE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKE6N--uw3pF2E3sYEHmFyesqb3fTUnPpV86ZuY_s9l5Ej2Oh3PwJ2hsmzS8jaEkEiKn69cfcOgGKWB1DDT2OB0AbP9tOVE&google_hm=aGLYSbiuQ2qJxgxuRjz9BoQ

Request Chain 400

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc

Request Chain 402

https://match.360yield.com/match/ebda?google_gid=CAESEHl5j9-4UiBIXX63NIE__DM&google_cver=1&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHl5j9-4UiBIXX63NIE__DM&google_cver=1&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9

Request Chain 404

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEBlZ1lt7IW0vtQK6V3SW2rQ&google_cver=1&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg HTTP 301
https://sm.rtb.mts.ru/match/second?ssp=13&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg&exu=CAESEBlZ1lt7IW0vtQK6V3SW2rQ HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=fd127087-8aa9-48e2-b0e8-22a1e52d992e&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3Dfd127087-8aa9-48e2-b0e8-22a1e52d992e%26google_push%3DAYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=fd127087-8aa9-48e2-b0e8-22a1e52d992e&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg

Request Chain 409

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEIyTqIH7wrPxWpU4X4VSys0&google_cver=1&google_push=AYg5qPIb_nD6bV5A4du9lZgc_2Nr_QE-cBP2snzuCgaQTalIjUzusRUXefaRDTuJRoaQ1D46s84SKOxOFOI3hWejxfoy86GipHVP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ukEAkwxASVJQBhDbvu1w19ly14Q&google_push=AYg5qPIb_nD6bV5A4du9lZgc_2Nr_QE-cBP2snzuCgaQTalIjUzusRUXefaRDTuJRoaQ1D46s84SKOxOFOI3hWejxfoy86GipHVP

Request Chain 411

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P9sIifGpEfS55NJKbb21SpMS5b2dzqSePnXmd6FtAjt1lQw HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P9sIifGpEfS55NJKbb21SpMS5b2dzqSePnXmd6FtAjt1lQw&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P9sIifGpEfS55NJKbb21SpMS5b2dzqSePnXmd6FtAjt1lQw

Request Chain 412

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFmq-cyYOvwM0qIaK9a0vBA&google_cver=1&google_push=AYg5qPJpOGXGC1YzVXtulOY-Cgvtnvb_ZzMF6yF1pO-pNF65m41hu25Ffs59VxBlh16KJweaLcVEoEZQH2rtfDCb4O_0HU2_n5ii HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPJpOGXGC1YzVXtulOY-Cgvtnvb_ZzMF6yF1pO-pNF65m41hu25Ffs59VxBlh16KJweaLcVEoEZQH2rtfDCb4O_0HU2_n5ii

Request Chain 413

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEI_poNSw5WSETZssW0L-vy4&google_cver=1&google_push=AYg5qPLae_Pz6gDgj7ksarRw5dvuCcBrAIN-k7p-PQFPocGvkm221nJXY-EuR667NPLt4mLL9oheMFK24aN-D2GRTQqPvZwI5StVYQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPLae_Pz6gDgj7ksarRw5dvuCcBrAIN-k7p-PQFPocGvkm221nJXY-EuR667NPLt4mLL9oheMFK24aN-D2GRTQqPvZwI5StVYQ HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 415

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJvG7Qs1R0vKPoVnrIJJwGw&google_cver=1&google_push=AYg5qPI1eR4FEVDBPBlnZvXYhdHvEWOqCnYewp3ByJUYzHJU8CLfrUzCSlcxhv0m0xn1e9J8V9oXmnKMCDol0EP4K1kgsw7zSbA HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI1eR4FEVDBPBlnZvXYhdHvEWOqCnYewp3ByJUYzHJU8CLfrUzCSlcxhv0m0xn1e9J8V9oXmnKMCDol0EP4K1kgsw7zSbA&google_hm=goqe6sWiSEwcFB-9Bm0ZeA

Request Chain 417

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig

Request Chain 419

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFmq-cyYOvwM0qIaK9a0vBA&google_cver=1&google_push=AYg5qPIDWAs91p0seRPTL6md1xDA5MmHZoCdXNKKuHcHjgVN-5D_YHwYkp7qxo5jdqH7LK-v-CN176ZXUR9o60IrA_9Yj1iyF7NAYg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPIDWAs91p0seRPTL6md1xDA5MmHZoCdXNKKuHcHjgVN-5D_YHwYkp7qxo5jdqH7LK-v-CN176ZXUR9o60IrA_9Yj1iyF7NAYg

Request Chain 473

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 479

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 487

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D

Request Chain 489

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D

Request Chain 491

https://pr-bh.ybp.yahoo.com/sync/triplelift/2688687070551306239907?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-99wLG0lE2oQvJXqvnglXGpNhW2yJsiuclNjS7_Mrlg--~A&dongle=0883

Request Chain 494

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2688687070551306239907 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2688687070551306239907&dcc=t

Request Chain 495

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 504

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=6514661878502015300

Request Chain 505

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=0df219cae5e4fef18b8d9d71

Request Chain 508

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=1789512435564511565

Request Chain 510

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=6317f8ea-5e59-44f3-aeee-0d12d3cb3af6&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 511

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-v35Ej1xE2uGW7DM0QxSfCOl9FKU.jDYzIXXQYq4-~A

Request Chain 513

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

Request Chain 517

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=6514661878502015300

Request Chain 518

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksNct4UTVn3MBHk14kPKAAA%261184

Request Chain 521

https://pixel.advertising.com/ups/56621/occ HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c

Request Chain 522

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef

Request Chain 523

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef HTTP 303
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef&_li_chk=true&previous_uuid=a735513126a34cdebe65cc3d3a77013b HTTP 303
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef

Request Chain 526

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksNct4UTVn3MBHk14kPKAAABKAAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&dcc=t

Request Chain 528

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=f8d37842-44f9-4de5-9988-24bb337c2c3f

Request Chain 529

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=Jzt31SFtdIc8OHPUJz9ugCBte9U8aHCGKTkGvejb

Request Chain 530

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1649172214&gdpr=1

Request Chain 533

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVjQwVzYtMUotR0ZBSw==

Request Chain 534

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ix67ShiVSNyrLNmBCipA9g&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ix67ShiVSNyrLNmBCipA9g

Request Chain 535

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=IwUx3lm8T22l_oNKgJ36HQ&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=IwUx3lm8T22l_oNKgJ36HQ

Request Chain 536

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KV40W6-1J-GFAK

Request Chain 538

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KV40W6-1J-GFAK&sigv=1&esig=2~aa44ccb19153c7c9be89c1d2f372fe98ef1f98a3

Request Chain 539

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEHUZ1hbN72gAKeuJaMHImE&google_cver=1

Request Chain 541

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=6514661878502015300

Request Chain 542

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1bea6735-db7d-4315-b350-f30157d5ad6a&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_1bea6735-db7d-4315-b350-f30157d5ad6a&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=1610214913330412716&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=15890a4f-bb9f-4a45-aeff-f776621a0fce

Request Chain 543

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28hgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28hgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_1bea6735-db7d-4315-b350-f30157d5ad6a&obuid=ENC(hgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://cs.emxdgt.com/um?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Demx%26uid%3D%24UID%26obUid%3DhgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0%0A

Request Chain 544

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=98b8b8f7-086d-45ba-a76a-187a8465940b

Request Chain 545

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-ba410093-0c40-4952-5006-10dbbeed70d7$ip$217.114.215.132

Request Chain 546

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-C3RWuT5E2pf_4_5pwwZyK64E3KlbFof7XE84~A

Request Chain 547

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=3163a4f0-b42b-11ec-9fec-dbd44b831426

Request Chain 550

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_1bea6735-db7d-4315-b350-f30157d5ad6a&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=uK08ugMwTq4CJva-tS_m&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25KLGA4HKZ2NO5KHCNCDJJ3GCLLUKNPW2JTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25KLGA4HKZ2NO5KHCNCDJJ3GCLLUKNPW2JTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=uK08ugMwTq4CJva-tS_m&us_privacy=1---

Request Chain 551

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=b5235344-2801-4be6-831c-ac1c698528b6

Request Chain 552

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1649085814362

Request Chain 553

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=2GYb886yGFWr&ev=1&pid=558355

Request Chain 559

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=3039624b-0d74-4700-b428-ff9fe7626b72&gdpr=0&gdpr_consent=

Request Chain 560

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=YksNbwAAAK5spAP0&gdpr=0&gdpr_consent=

Request Chain 563

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=6766d44e-e80f-4f86-93fa-4ff419910582&t=1651677814

Request Chain 564

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 565

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=6514661878502015300&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
https://usersync.gumgum.com/usersync?b=emx&uid=6514661878502015300brt18711649085814339617f1

Request Chain 566

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YksNdsCo5tAAAMJwevEAAAAA

Request Chain 567

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=E9H03ZLi7ugWcW0gJcGL&pi=gumgum&tc=1

Request Chain 571

https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=6766d44e-e80f-4f86-93fa-4ff419910582&gdpr=1&gdpr_consent=

Request Chain 572

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6514661878502015300&gdpr=0&gdpr_consent=

Request Chain 573

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1649085814529 HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT

Request Chain 574

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=6022361112205237142&gdpr=0&gdpr_consent=

581 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ 90 KB
24 KB 411ms
200ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

05a8c9fcf4de3fce82d6c670ece5dba2ef3b2e2d700f5a114107f3fee44dcf49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:25 GMT
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/179103>; rel="alternate"; type="application/json" <https://threatpost.com/?p=179103>; rel=shortlink
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Debug-Auth: off
X-Frame-Options: SAMEORIGIN
X-Request-Host: threatpost.com
X-XSS-Protection: 1; mode=block
x-cache-hit: HIT

GET
H/1.1 200
OK museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
15 KB 404ms
203ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:25 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: "624ab72e-3ca8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15528

GET
H/1.1 200
OK museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 405ms
202ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:25 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-5124"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20772

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 405ms
203ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:25 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15820

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 406ms
203ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:25 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20900

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 407ms
202ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:25 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: "624ab72e-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23668

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 407ms
202ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:25 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20884

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 814ms
207ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:26 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: "624ab72e-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23468

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 812ms
205ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:26 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: "624ab72e-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20920

GET
H/1.1 200
OK museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 813ms
202ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:26 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-5b34"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23348

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 812ms
201ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:26 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20680

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 44 KB
18 KB 75ms
27ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4d94a0f51bade076fa154e469f12563fcee377fd94d79ca6d080d231e0e8b1d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: HkG2Wiu3pjH4_E8Lal0CHGT1z3YrEXeV
content-encoding: gzip
etag: "c4d48c8dc1b5ae975f43aaa90c2be257"
age: 1774
x-cache: Hit from cloudfront
content-length: 18353
x-amz-meta-git_commit: 7b120a5
last-modified: Sat, 02 Apr 2022 00:32:20 GMT
server: AmazonS3
date: Mon, 04 Apr 2022 15:23:26 GMT
content-type: application/javascript
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: ykREfzxD8ywaLsj_CKi5zeINXOSYx8SfA5CzkQ3byXq1K6AqC73sOg==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 78ms
31ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abfb1f15c2cb3df79d00d5c685c6840b8f5c91ecebb41650eacb4611aeff6071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28206
x-xss-protection: 0
server: sffe
etag: "1177 / 888 of 1000 / last-modified: 1649070350"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 15:23:26 GMT

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
4 KB 214ms
159ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 09 Mar 2022 04:05:55 GMT
server: cloudflare
etag: W/"67e2-5d9c136d2119a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHttHkZTyd6Y%2FjRyiHHfb00qYTdLOAJpR8pEz1iU9FWlAfLPQGhUkzG9YtmaqU1c1E7q%2Ff%2FhL2DpY4z%2BJFf1o9FGIc3qx2u24WwsNGQQwYKZXEq21km%2B6hHn9R0wIM0YdY3VlEaY3IX%2BecQz7NHBi2lN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6b0b8da8249b83-FRA
expires: Mon, 04 Apr 2022 15:31:58 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 204ms
202ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IbDBhvDiL4pjOqzNtApfP6n8a27zvHvZjK6zshWxNSLcL728xCDbWZyEqVOcrJvnVL8s%2BKv8RZHt94g3aENLN3X%2B06%2F5sbzdo8bqTtN1eeiGzyafppLhBT%2FgoyWTEXBfY%2BFhGc7nY46t8D6UnfAiQ9gi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6b0b945af79b83-FRA
expires: Mon, 04 Apr 2022 15:31:02 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 187ms
186ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jMHE%2FemJns15TKvprFePztDEDnsImqZEPc%2BFIDmRfIRIWmTRSCEyrg9wumZm%2FM%2B86Cpnlftk9EQZCi4JAhnK%2BoUHLjnlLrLTAoi8%2BhE0E1LrQ6TGYNvoqkVlu6KWkQB2wwT1ILuDI98%2Fvf0GMfVYT8RA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6b0b945afc9b83-FRA
expires: Mon, 04 Apr 2022 15:31:13 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 393 B
524 B 187ms
185ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 21:50:12 GMT
server: cloudflare
etag: W/"189-5c8c2c96f96c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijNu6X0N5RAY803VmVJW0bWftYyKmwUWynQhPy9zi3xac%2B%2BjwxKABRvijFcZI2QebA88atCDBx3Cz08ShQTZ4NiLF1zYhMo2RpprgQ3Wudrkvfg7ssQ%2FAooEDjJw0CCM3enr5ZAVuTomIjLriDj3UVfP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6b0b945afe9b83-FRA
expires: Mon, 04 Apr 2022 15:29:47 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 430 KB
124 KB 169ms
167ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 15:35:01 GMT
server: cloudflare
etag: W/"6b738-5ce51d26ef74c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BM3fFn5Q4hMIWuvlEywffZYd0hdQjCtlGf0H8eYtPIhAhJtjHdGec3IJCwCyY1E4cFrYURVxdzoGjdkEmKPF7EOQ5R56uOEvvt0ILE04wUKyzh62l7P3h3%2B86Jwug4G%2FAcS5vT6YAJ9QvHcIu%2B832VQd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6b0b945b039b83-FRA
expires: Mon, 04 Apr 2022 15:31:24 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 35 KB
11 KB 216ms
162ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 24 Jan 2022 02:31:38 GMT
server: cloudflare
etag: W/"8cae-5d64ac49b9c1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMyoIREWjOZXtN6wzgVvZyfneJwH7SI%2FBx2iqsfP1DE26E55Uy%2BPdTJcN9mrL%2B%2BcyaKPQwwt%2BxaurJGhM52mEZ3A%2BiZECuWCG6x3etjv2w0UqPlp8aBFKeC2nkUQmiyatLP1HyA3fsR7FYb3fme7usTb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6b0b8da82c9b83-FRA
expires: Mon, 04 Apr 2022 15:32:20 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 294 KB
42 KB 440ms
381ms Stylesheet
text/css 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:25 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
content-length: 42696
x-cache-hit: HIT
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: CJJa-PPPP0VhlklLJdVeSAZqHAWl_T4A720gAGHUWTYXVCFE_idyfg==
expires: Tue, 05 Apr 2022 09:18:00 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 814ms
202ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK alert_text.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 107 B
461 B 716ms
105ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1649063725
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-6b"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK alert.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 4 KB
2 KB 1024ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1649063725
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-104a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK public.js Show response
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 116 B
495 B 1115ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jun 2014 19:20:42 GMT
Server: nginx
ETag: W/"5398ac0a-74"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK kaspersky-twitter-pullquote.js Show response
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 599 B
713 B 1119ms
102ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-257"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK loadmore.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 4 KB
2 KB 1118ms
102ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.2
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: W/"624ab730-11e7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK social-share.js Show response
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 18 KB
6 KB 1120ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: W/"624ab72e-484d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:26 GMT

GET
H2 200 chrome_bug.png
media.threatpost.com/wp-content/uploads/sites/103/2022/03/25091849/ 37 KB
38 KB 123ms
56ms Image
image/png 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/25091849/chrome_bug.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 02f9d93789c1c6eb90e5a580da466fb57aa49759c8a2caac2a945744eb66f60f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 13:20:05 GMT
via: 1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Fri, 25 Mar 2022 13:18:50 GMT
server: AmazonS3
age: 871402
etag: "67d9ff812dfd90afe68ab2556074c911"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 38095
x-amz-cf-id: 7c5TDLc4u-9mmCQlu4hGV1-XB76ZmvPW4Ld0UsXjJMUTfy8eY4Xm_g==
expires: Sat, 25 Mar 2023 13:18:49 GMT

GET
H2 200 apple-with-bandaid-540x270.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/27115334/ 17 KB
17 KB 80ms
25ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/27115334/apple-with-bandaid-540x270.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 84bd5c5ee263222372ea62269eb1814c32b3a241bd37fcb5d6b7c5584590c8ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 10:41:19 GMT
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Wed, 27 Oct 2021 15:53:39 GMT
server: AmazonS3
age: 535328
etag: "c0525d43b32f781b689054a198fedaa7"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 17027
x-amz-cf-id: uizJGtq44IqiXJVg3jioYwO9mcydCydM74APxe4Qhl_fc6I9du_0cA==
expires: Thu, 27 Oct 2022 15:53:38 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 852 B
575 B 57ms
28ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8fb4a4f4521a94032afdb851a8612f898a1e8a40705d06df03ddfa932d3ca274

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
1 KB 329ms
105ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-828"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
970 B 78ms
31ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

68cc26362c0cc4baa161311ed8f92a440624b120f844cecef402a4c7f94bf39d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 557
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 15:23:26 GMT

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 3 KB
1 KB 308ms
105ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-ab4"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H2 200 s_code_single_suite.js Show response
media.kaspersky.com/tracking/omniture/ 172 KB
48 KB 221ms
25ms Script
application/javascript 185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

9e89048f0456e3b02cedb7cf76410b3576a32bad0f1cc024640f01e1339b3a71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "8044e984f147d81:0"
x-powered-by: Kaspersky Labs, Kaspersky Labs
alt-svc: h3=":443"; ma=86400
content-length: 49271
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Apr 2022 06:59:25 GMT
server
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 15:23:26 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
x-server: fr2/FRA3
accept-ranges: bytes
x-content-type-options: nosniff

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 114 KB
40 KB 415ms
206ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: W/"624ab72e-1c643"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 315ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-195e"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 19 KB
8 KB 318ms
105ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-4b3d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK dom-ready.min.js Show response
threatpost.com/wp-includes/js/dist/ 1 KB
989 B 318ms
105ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-4e9"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK hooks.min.js Show response
threatpost.com/wp-includes/js/dist/ 6 KB
2 KB 317ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-163a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK i18n.min.js Show response
threatpost.com/wp-includes/js/dist/ 10 KB
4 KB 308ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-28a7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK a11y.min.js Show response
threatpost.com/wp-includes/js/dist/ 3 KB
2 KB 305ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-bfd"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK jquery.json.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 307ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-730"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 43 KB
15 KB 407ms
201ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-abe0"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK conditional_logic.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 8 KB
3 KB 311ms
106ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-213f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK placeholders.jquery.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 308ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 15:23:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-121f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 98ms
21ms Script
application/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.62.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-62-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: cDw9qPFdR3WLu_gch_nIk4UAdfcPuNG7
content-encoding: gzip
etag: 4e3fad24a118a07cea7ce88b2721a583
age: 404
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0JAZY1G2PMWM7N31EPWK
date: Mon, 04 Apr 2022 15:16:44 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: unO0jdwdU71l1VTrmEeQNQeSgsrX8ixflmP-i8t8pXIGQ_YxUaw_Kg==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/157383/ Frame FAC5
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/157383/connatix.player.dc.js

859 KB
200 KB

39ms
17ms

Script
application/javascript

151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b1ed25b06e9dc8a8fdf322a31ec753509f7f53a97907cb5048444d0c25361820

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:09 GMT
age: 5693
etag: "ff75549e21d9f300a4fea22cf7adbe23"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 204822

Redirect headers

location: https://cds.connatix.com/p/157383/connatix.player.dc.js
date: Mon, 04 Apr 2022 15:23:26 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/157383/ Frame FAC5 0
47 KB 17ms
17ms Other
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:10 GMT
age: 5692
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 304ms
102ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=349562136&back=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:27 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 182 KB
61 KB 93ms
41ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83acf5a563525cb07d2525242b01c943cfdf33e88bbc07a822260a01107c130a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61809
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 15:23:27 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 503 KB
117 KB 77ms
71ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

029dfc35f37b961c2f49e3d1165c656f92dab5c52721891257f99ad67a69fd6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119629
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 15:23:27 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
13 KB 310ms
104ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:27 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
13 KB 307ms
104ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:27 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: "624ab72e-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H2 200 logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 378ms
377ms Image
image/png 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: public
date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-4a32"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
x-amz-cf-id: YAaQqsPwZvyCZOpwzynnAwATYoHSKGxoSitcWWK3ZyQ3AGlhs3wjDg==
expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H2 200 museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 455ms
413ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-51a4"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20900
x-amz-cf-id: JZYOXs1suG0WkxBIxP5y3C5WAUzSebJw_izCYlgwzmJt1nAa4xXKig==

GET
H2 200 museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 443ms
401ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72e-50c8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20680
x-amz-cf-id: fd1mlsJYGaQ_whNdtOc38MbK8pn71uerQa1HK24DwWkme43cItX7EA==

GET
H2 200 museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 428ms
387ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-51b8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20920
x-amz-cf-id: x0rx5S1XM-b6NoEqdIoZbMtzK8qCLVAIj30FeJJ7Ny5XfN64eqj9hQ==

GET
H2 200 museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 415ms
407ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72e-5194"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20884
x-amz-cf-id: waCzepa0YX-0xvXhO0mkYm1JRyuNgu9wCQ_Qz7MgbhN1MVtkIdCMiA==

GET
H2 200 Liz-Montalbano-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095657/ 77 KB
78 KB 61ms
21ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095657/Liz-Montalbano-headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 369c67a5afb2ffa25d4480b3781a938e7fe7c5633f89d36570e2c1cc23c49eff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 18 Feb 2022 10:59:52 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Tue, 11 May 2021 15:45:08 GMT
server: AmazonS3
age: 3903815
etag: "09775ac22fdd614b1588724aaef06c61"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 78876
x-amz-cf-id: t1GsmvXw0pRbl7u6M_ZW8c10fj2igDPgIth4IxwEze5vpLzA6vV_dg==
expires: Wed, 11 May 2022 15:45:07 GMT

GET
H2 200 museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 374ms
374ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-3dcc"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15820
x-amz-cf-id: 87V5Gzy_PBZsEHwI9WaCEgOpJKKeS4_fMZNG9DlPDuD0OpBykcPTiQ==

GET
H2 200 museosans-300italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 403ms
401ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-5bac"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23468
x-amz-cf-id: zeCHWY29oIxLfEtH8p-qwyXNqohLz7uSyYzfvmXK7-pTkwppkvidmw==

GET
H2 200 Russia-Ukraine-540x270.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/02/24192129/ 32 KB
32 KB 25ms
19ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/24192129/Russia-Ukraine-540x270.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d40a2cf12ea21acda522d8dc8ab7129f169a6d23ff557b10ac40bb865fea0fd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 18:09:41 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Fri, 25 Feb 2022 00:21:45 GMT
server: AmazonS3
age: 335626
etag: "2c8a74996aaa8029c779c1037e338339"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 32625
x-amz-cf-id: EVN9r2MeRUcUjzVrV4K2ZFEVaJGb3AX9t1PtBUf_3yEyL1tH4r-dTQ==
expires: Sat, 25 Feb 2023 00:21:44 GMT

GET
H2 200 2020-honda-civic-1024x516-1-540x270.png
media.threatpost.com/wp-content/uploads/sites/103/2022/03/31104615/ 244 KB
245 KB 25ms
20ms Image
image/png 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/31104615/2020-honda-civic-1024x516-1-540x270.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bfb48a9884ea1ce7b47da60b4a99b5a8eec9d1007be88eb938c0c62198fef1e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 14:51:46 GMT
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Thu, 31 Mar 2022 14:46:22 GMT
server: AmazonS3
age: 347501
etag: "2f43a6a96f7e45383e58d68a26497b49"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 249767
x-amz-cf-id: 5gizsnfopj3fnln2XEo5onJa8qeM-CgRm3kFpsNmtRgvK_eN5X_y6A==
expires: Fri, 31 Mar 2023 14:46:21 GMT

GET
H2 200 14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 2 KB
3 KB 49ms
20ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 15:57:05 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Tue, 01 Mar 2022 20:47:09 GMT
server: AmazonS3
age: 2330782
etag: "502f5a6c66ba05c0831f656eb6cc29dd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C2
accept-ranges: bytes
content-length: 2476
x-amz-cf-id: -B3dDqknxFLb82pb24ydiq1b2U7xbiOWH609fxZhvZg9iL6JSi52qw==
expires: Wed, 01 Mar 2023 20:47:08 GMT

GET
H2 200 checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/ 2 KB
3 KB 50ms
21ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 01:39:48 GMT
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Tue, 19 Oct 2021 14:09:44 GMT
server: AmazonS3
age: 999818
etag: "14bf40c9dffffaec5cd1337f170dac93"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA2-C2
accept-ranges: bytes
content-length: 2112
x-amz-cf-id: RVVPN4ugvnkI-r18c97av2uOYtQPP7ClptyOsBVYHlf5mt5Q7_OXaQ==
expires: Wed, 19 Oct 2022 14:09:43 GMT

GET
H2 200 5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/ 2 KB
2 KB 50ms
21ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 21:12:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Wed, 16 Feb 2022 14:21:42 GMT
server: AmazonS3
age: 3348637
etag: "8d2fd78b5abc332b1098cc4de81608b9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA2-C2
accept-ranges: bytes
content-length: 1940
x-amz-cf-id: XVlD19D9egKK0mEUxTb5nJRSwcKgteO3-QY2tYD7F8a3MWVRRqoCaQ==
expires: Thu, 16 Feb 2023 14:21:40 GMT

GET
H2 200 nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 2 KB
3 KB 49ms
20ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 21:08:04 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 15:27:43 GMT
server: AmazonS3
age: 4644923
etag: "6d0d1a22dbbe088376115135bb5be675"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 2337
x-amz-cf-id: _O8zah5UZcaJZEXNWuOGeId_LvgJzl8C1pwA6A2wD4zOrVppkOEhuQ==
expires: Thu, 29 Sep 2022 15:27:42 GMT

GET
H2 200 mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
1 KB 289ms
288ms Image
image/svg+xml 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72e-33c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 828
x-amz-cf-id: UGyzFHxDsfr5IW1_JYp4T7isE1quBDI3f1IcsQIdqnLtzaaggKLSzA==

GET
H2 200 twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
1 KB 289ms
289ms Image
image/svg+xml 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-364"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 868
x-amz-cf-id: 9Lj39nIThgDQoNR0Iwf6iZSqOeH35JrIp-fGN9uNFTT92afXA68Y9A==

GET
H2 200 player.css
cds.connatix.com/p/157383/ 56 KB
8 KB 23ms
23ms Stylesheet
text/css 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: bdfd60b477fc3a53026309cc91965dae061323c4a99562dabdd08831147528b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:26 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:10 GMT
age: 5693
etag: "379e0d01d797a7cf7455b95630ef6907"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8612

GET
H2 200 mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
1 KB 290ms
289ms Image
image/svg+xml 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-32c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 812
x-amz-cf-id: -lMs0Iuhq-kHUwTyJVN7mscIZXF_S1-DeWD1-HubnNOQsPzSYnh3BQ==

GET
H2 200 logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 285ms
285ms Image
image/png 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: public
date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-260a"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
x-amz-cf-id: JCMhdVU_U3dh9p52evxUz7itgjVFm6EJfQowBwp6loMy5ZLwvg1low==
expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H2 200 Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 2 KB
3 KB 39ms
22ms Image
image/jpeg 2600:9000:21f3:da00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:da00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 18:59:05 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 56fad5a50ef67bd961b9722ed0931838.cloudfront.net (CloudFront)
last-modified: Fri, 04 Feb 2022 14:52:59 GMT
server: AmazonS3
age: 5084662
etag: "8b8e89e4e306930920312db10e2c0dbf"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA2-C2
accept-ranges: bytes
content-length: 2455
x-amz-cf-id: RHyxv89PxQ-XZwZJDSH3Gy0COa7iCTmtor4hIb-LB4JKjrAsUokaCA==
expires: Sat, 04 Feb 2023 14:52:57 GMT

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 73 KB
28 KB 26ms
25ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963876
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: r1nAqfIy6Ap_3kVXQrplzB7oQaN_wrYl2z_wi3Xne_RVqt0_H1yGig==

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ 46 KB
19 KB 19ms
18ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225347
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: IVjhQLwYaA5vFQfURFzbLj0S0MHXQvfDlXLV8qQbUqN7flWB1F4AoQ==

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame FAC5 14 KB
7 KB 205ms
190ms XHR
application/x-protobuf 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: effb8cfbba4b5f42d4f41c2520b3c1e28a8ccd0b9176423a56d57046f2d50238

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-max-age: 86400
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 6669

GET
H2 200 pubads_impl_2022032106.js Show response
securepubads.g.doubleclick.net/gpt/ 364 KB
124 KB 62ms
17ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:10:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 759
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126678
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:13:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 04 Apr 2023 15:10:48 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 141 B
737 B 77ms
27ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101
x-xss-protection: 0
expires: Mon, 04 Apr 2022 15:23:27 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 359 KB
142 KB 90ms
44ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5eea1c9406e22225635f46d7ddde71a450b2337a7cd0b25ff834aef95734258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 07:21:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144576
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 07:21:10 GMT

GET
H2 200 blockedDomains_12.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame FAC5 2 KB
1 KB 77ms
17ms XHR
application/octet-stream 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_12.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 085f299301d3258baf25d3cdaf1ff539b13a00169b765b1c8abaabc5fe353d2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 17:18:30 GMT
age: 425009
etag: "047f4b895f454fb7748c6b90383a386e"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 1296

GET
H2 200 insights.bin Show response
ins.connatix.com/c694354ba14a953dafc9171cb97f0bc2/ Frame FAC5 324 B
449 B 77ms
18ms XHR
application/octet-stream 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/c694354ba14a953dafc9171cb97f0bc2/insights.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ad466bf5bd3260297c0582435e86872bec1ea288884d96aecb461d53025fb69b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
last-modified: Sun, 27 Mar 2022 22:43:36 GMT
age: 659754
etag: "54ff8c5ccd9b394c782f0811943951de"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 211

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1018 B 20ms
20ms XHR
application/json 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.62.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-62-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:11:02 GMT
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
server: Server
age: 744
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C1
content-length: 662
x-amz-cf-id: A1jDrlRTwmc_VvmhyIoFaYzWNxRBbSgf3F2ZDBkui85V_ATfob7VZw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 56ms
17ms XHR
application/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.62.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-62-173.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 02:53:29 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 44999
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
via: 1.1 715791ebe4663055c84208b8a58b2b80.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: 7i9ptP7ryBAeGiPd1EnTaLUGpkCQjE-PElPErdzPfudnjGDItXZ4Aw==

GET
H3 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 256 KB
36 KB 251ms
198ms XHR
application/json 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 31 May 2021 16:54:38 GMT
server: cloudflare
etag: W/"3ffae-5c3a314b5dcb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FprnsNCmKJCazDmGcv8UcPhx4QB21QbSNsdmPpSvrZNR6Q19gONBC6GH77v4ul90S%2FxfWPOFedUILNDusv54P5XUil67Jib%2B0pY378cpeCtVHRiGV3pmv1HqMVHrI71er2UxZGLzmVQznmQZZsuCnie"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 6f6b0b981a90905e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 04 Apr 2022 15:33:27 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 69ms
16ms Script
application/javascript 104.89.31.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.31.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-31-187.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Mon, 04 Apr 2022 15:38:27 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 95ms
19ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Mon, 04 Apr 2022 14:56:30 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 11181
x-request-id: 162562318

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 362 KB
143 KB 47ms
22ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6004
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:23 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 159ms
42ms XHR
application/json 54.154.15.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1649085807358

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.154.15.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-15-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

aeb4476ed7fb51c861603882be58248c659a8765c6cd9170c8304df68fc3b0ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v030-0d2b4133c.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: /MHSA7hpR/Q=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 311
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
947 B 77ms
27ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1145252
x-amz-request-id: tx19d8ce819bcb496485a59-00623993cb
x-amz-id-2: tx19d8ce819bcb496485a59-00623993cb
last-modified: Tue, 22 Mar 2022 09:15:21 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YveRhvV3%2B0sFwlN0aJVw8JvdsN1EVYH8T%2FkBdTEr2j7S%2B1heXr%2BdNjsW1nLnl4rOexo4KuF82AK4rRGSzQuubtgzObmPSi%2F2tdNJSNsYLZbWwyOOj8gE%2ByTjmBMO5er8XHNt4UqHpOc%2FbQuC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647940521027959
cf-ray: 6f6b0b98bc4c905b-FRA

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 213 B
532 B 82ms
22ms XHR
application/json 51.195.5.40
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.195.5.40 , France, ASN16276 (OVH, FR),

Reverse DNS

p17.id5-sync.com

Software

Resource Hash

d7b77231b46dc7c7249d85e788540c2f7bb585ae43a167c0320c86dd6f7983a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Mon, 04 Apr 2022 15:23:26 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 63ms
18ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4721
date: Mon, 04 Apr 2022 14:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 04 Apr 2022 16:04:46 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 73ms
22ms Script
application/javascript 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 11 Apr 2022 15:23:27 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 79ms
16ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
fastly-original-body-size: 14407
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200069-IAD, cache-hhn11541-HHN

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 428 KB
109 KB 52ms
27ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0480e99ef32d730897e546bbd434dd634eeb6ca4bb79b47d3c09f5b26c22c073

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111358
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 15:23:27 GMT

POST
H/1.1 200
OK sr Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 443ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 59ms
33ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

9c2cd57fc33e43d8a3b951095eee1988fbe9ade5603046cff11a378f7460d85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28304
x-xss-protection: 0
server: sffe
etag: "1177 / 799 of 1000 / last-modified: 1649070439"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 15:23:27 GMT

GET
H2 200 2_media.bin Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame FAC5 285 B
339 B 39ms
17ms XHR
application/octet-stream 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3b9d39edb2591de65a095117689dd79effa44a7cf3e0a594d01c978b2f05d00e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 19:13:10 GMT
age: 87715
etag: "259c03714a4dc20e6a891f05ce653dc0"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 249

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame FAC5 375 KB
126 KB 194ms
32ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e352006cc3bc3c7c2206316ef5ecc3a319959d6b6a3b4da9702afd1dff10de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127864
x-xss-protection: 0
expires: Mon, 04 Apr 2022 15:23:27 GMT

GET
H2 200 1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 26ms
18ms Image
image/png 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
age: 1155665
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 179ms
22ms XHR
text/plain 18.196.121.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.121.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:27 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
113 B 178ms
22ms XHR
text/plain 18.196.121.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.121.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:27 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 247ms
91ms XHR
text/plain 18.196.121.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.121.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-121-26.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:27 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 631 B
1 KB 295ms
131ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=22e792e8-58c4-4e94-91cc-f6b409e21b2d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7016191976041144
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7c7c702463dc6941f4d9749347a5ea4dbe32bf7f97488272681d40c4068fd557

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:27 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 631
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 629 B
1 KB 243ms
77ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=074f0d9b-1cec-455c-b23c-f69599ed4c08&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.016954962623643155
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 480a52724fb3cb5ff84d11dc6e298c35e0c118d56662e6393d20c02b030ebfb8

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:27 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 629
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 629 B
1 KB 298ms
132ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=5b3030a1-6d1b-455d-9229-6a9e6362c9ba&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.14621538791923427
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 2f9ff07c1365531108b5f2cf03ffa0cc9c95e116e34228c04601584090381aa8

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:27 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 629
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 629 B
1 KB 301ms
135ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=5b3030a1-6d1b-455d-9229-6a9e6362c9ba&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.17103779825314325
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 5c0f884d82f6d3a7bf887f9be1c661a4ae8814baee671971390c774e2e492dbc

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:27 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 629
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 3 KB
2 KB 244ms
92ms XHR
application/json 18.157.232.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tmax=1200

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.157.232.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-157-232-7.eu-central-1.compute.amazonaws.com

Software

Resource Hash

8d5938a91cc56334ad31696d108fda4f631da0f8fba7589a7d9a1bc1ee91dc9b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
accept-ch: sec-ch-rtt,sec-ch-ua-arch,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-viewport-height,sec-ch-width,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ect,sec-ch-downlink
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1304
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST adreq
ads.servenobid.com/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 365 B
1 KB 275ms
127ms XHR
application/json 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

ce14c0afa6c9a2db0b2abcd223acda784bdead49ed4d5949d1985e69b20e160e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:27 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 88476ac0-7bce-4341-8bb4-294898a07044
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 365
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216477/0/ 0
170 B 183ms
36ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:27 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 818ms
96ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:26 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 73 B
378 B 182ms
38ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=22e792e8-58c4-4e94-91cc-f6b409e21b2d%2C22e792e8-58c4-4e94-91cc-f6b409e21b2d%2C074f0d9b-1cec-455c-b23c-f69599ed4c08%2C5b3030a1-6d1b-455d-9229-6a9e6362c9ba%2C5b3030a1-6d1b-455d-9229-6a9e6362c9ba&nocache=1649085807581&pubcid=a5c86a69-1cac-4a20-a00d-c5fc3e6f3c04&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: f56272ce9e4b643808c03656845ec7b3f3b17fcd5633420b1912874751b8fe9e

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
331 B 257ms
115ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22377fcc2afe78e31%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22386ed62f8a16fc7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2239986cbf12ed65e%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2240e096082c59c79%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c469a897d1eee15915927ef811838f80ba761e8219154de620fc4e638dd5cc3

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:27 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.114.215.132], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Mon, 04 Apr 2022 15:23:27 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
743 B 618ms
280ms XHR
application/json 63.251.14.14
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: 8ad716d4a479f84be58f7e2f4b725950c205e0f22f353be89cfc8e1e6fc07e13

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Apr 2022 15:23:28 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 97

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 235ms
94ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: c8b7aa14f73e2f279bb0901f1938820a56594b04aa6898d12362486ab58cd4e0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 257ms
116ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: c3970f8ab86dce74caf210c248b24920cd504608043efaa14256cc016666da6e

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 268ms
127ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 01cf2b2ba01cfd3c1be27c8da811054c4adbe2af875a5bc2aeabb304a9b7972d

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
589 B 212ms
73ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efc1f6c6bfaa91b75a02c46b21fb9f62b860663e54ee63a46d35cea3d75a9633

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6f6b0b9a5faa695e-FRA
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H2 200 v2 Show response
e.serverbid.com/api/ 711 B
984 B 317ms
109ms XHR
application/json 134.209.131.220
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.209.131.220 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:27 GMT
access-control-allow-credentials: true
content-length: 711
vary: Origin
content-type: application/json

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
347 B 604ms
371ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 260
vary: origin, Accept-Encoding

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
533 B 54ms
54ms XHR
text/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&pid=T18IpYyZzEWUf&cb=0&ws=1600x1200&v=7.74.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.62.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-62-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: F09FT63B01QNFX5C3CK5
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: XwZqN_avx3FWeIuR0NN6QnW8UP8X3HUx1njJSqxstXvcN2KUmcuApg==

GET
H/1.1 200
OK dest5.html Show response
kaspersky.demdex.net/ Frame CDF8 7 KB
3 KB 178ms
42ms Document
text/html 54.194.228.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.194.228.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-228-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v030-0f52d3ec3.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: XA7hNgGLTGE=
content-encoding: gzip
date: Mon, 4 Apr 2022 15:23:27 GMT
last-modified: Tue, 15 Mar 2022 12:08:42 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
kaspersky.d3.sc.omtrdc.net/ 2 B
316 B 145ms
25ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=67137029763871488484502456997303030235&ts=1649085807606

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b6f4bb9f7-skr4n
vary: Origin
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YksNbwAAAK5spAP0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=60126495426056198183468076719881961345
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksNbwAAAK5spAP0

42 B
943 B

47ms
47ms

Image
image/gif

54.154.15.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksNbwAAAK5spAP0

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

HTTP/1.1

Server

54.154.15.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-15-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-04a642d70.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 6peStO/DQZo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksNbwAAAK5spAP0
Date: Mon, 04 Apr 2022 15:23:27 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 213 B
532 B 32ms
31ms XHR
application/json 51.195.5.40
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.195.5.40 , France, ASN16276 (OVH, FR),

Reverse DNS

p17.id5-sync.com

Software

Resource Hash

2b48c43b818236ec743b95a9188a77284e7e4dccd91d58d64ca044488647bf7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Mon, 04 Apr 2022 15:23:27 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
561 B 287ms
287ms Image
image/svg+xml 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72e-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 236
x-amz-cf-id: n0W8t67QY80ZeDxIBQiZsOskHuuFeeVDyEOzG-ylcfryDZJ41e64IQ==

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 376ms
376ms Font
font/woff2 2600:9000:2057:1200:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1200:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: mBqdlqVnU7a7tDeJ_JyS2KOlX4UsZN26CDE6o5EOrpoo8nIfXrSbXA==

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 458 B
646 B 675ms
305ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

85b25a6edcc9b07991470245715aefe2ed0dadd8b72acbd873a3c81ed1ab9149

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:28 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 hls.5b3b785f487abbe00eee.js Show response
cds.connatix.com/p/157383/ Frame FAC5 162 KB
47 KB 18ms
17ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:10 GMT
age: 5693
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 73ms
35ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1144074
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx6f2ea791109f4903a1561-0062399424
x-amz-id-2: tx6f2ea791109f4903a1561-0062399424
last-modified: Tue, 22 Mar 2022 09:15:19 GMT
server: cloudflare
etag: W/"f6062b9ed3c12dab430d5d33afafadb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=POX3lIDiEYmwX%2F1V0%2FnKj6uxqtwnkvXRvOl9%2F4S%2F4a0DX0OcAkFuao4DKyKNSzNX5hk%2F85MtrDIUTX0PKxh4lOAyZPa%2BtFW4JvOzn4juEpUX1czFsOoo9ekzt1GH%2F5XkZB9mZpAvDGwqUpIC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647940519211847
cf-ray: 6f6b0b9a6a129b8e-FRA
access-control-allow-headers: Authorization

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
354 B 80ms
24ms Script
application/javascript 2600:9000:206f:b800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:b800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:36:51 GMT
via: 1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront)
server: AmazonS3
age: 2796
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-C1
content-length: 2
x-amz-cf-id: OCqHLYFZP9LfoAv8yS16cr7nOmUF9Sex7UMEM8Yu1he38hrujet_gg==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 62ms
29ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=593948391&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&ul=en-us&de=UTF-8&dt=Google%20Chrome%20Zero-Day%20Bugs%20Exploited%20Weeks%20Ahead%20of%20Patch%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=163308365&gjid=678628613&cid=1480618513.1649085808&tid=UA-35676203-21&_gid=140132761.1649085808&_r=1&gtm=2wg3u0PM29HLF&z=965689276

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 52ms
24ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=593948391&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&ul=en-us&de=UTF-8&dt=Google%20Chrome%20Zero-Day%20Bugs%20Exploited%20Weeks%20Ahead%20of%20Patch%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1480618513.1649085808&tid=UA-35676203-21&_gid=140132761.1649085808&gtm=2wg3u0PM29HLF&z=94306775

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 10:39:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 17039
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
459 B 166ms
122ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=4f5dba8d-d80b-48de-8116-edac5ffeecaf&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 106
date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 7f205a0730f880284d7fc889fed3892d2dbf864289546a6909e0800b8a772c1e
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
336 B 170ms
123ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=4f5dba8d-d80b-48de-8116-edac5ffeecaf&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 106
date: Mon, 04 Apr 2022 15:23:27 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 21289d05ff7ff888a3f42195efa9ca71e567db00021afed52ac4b022e1aecbb8
content-length: 43

POST
H/1.1 200
OK ao Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 191ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi-tier-2-us-east-2.connatix.com/rtb/ Frame FAC5 1 KB
1 KB 526ms
202ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 48c564de3356352b7ab96436dde08f74a9a97262e6041f59ab6bcdb3e8ee9171

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 899

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
490 B 67ms
66ms XHR
text/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.62.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-62-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: 8F9NTRAAT0CRFNE56JE7
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: -7QGbMD7262ipcziXVWtn-3W_h1MiIaYg3qe2EYpw6p2aZ8QKAmWFQ==

POST
H/1.1 200
OK ps Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 283ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ 7 KB
7 KB 17ms
17ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e998d70d54146b70fbd8882efdd0682978dbc337f03a6e22367cb97aadf9e573

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
age: 252814
etag: "JNaAhBiLMSOnkkei/N3fo5fCL/mt/wlc+iBOJzzjuy8"
access-control-max-age: 86400
fastly-io-info: ifsz=79819 idim=2560x1440 ifmt=jpeg ofsz=7628 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7179

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 77ms
24ms XHR
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=1480618513.1649085808&jid=163308365&gjid=678628613&_gid=140132761.1649085808&_u=YEBAAEAAAAAAAC~&z=50998853

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 04 Apr 2022 15:23:27 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.508.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7B4A 592 KB
193 KB 47ms
21ms Document
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.508.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56e21c0b93290490c1b1bcd3c541dc358b4f5bb43b24d954dc075e82fe48dcaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 550863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 197186
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Mar 2022 06:22:24 GMT
expires: Wed, 29 Mar 2023 06:22:24 GMT
last-modified: Mon, 28 Mar 2022 15:10:05 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame FAC5 44 KB
17 KB 92ms
27ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 15:23:27 GMT

GET
H3 200 bridge3.508.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 1113 592 KB
193 KB 25ms
24ms Document
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.508.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56e21c0b93290490c1b1bcd3c541dc358b4f5bb43b24d954dc075e82fe48dcaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 550863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 197186
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Mar 2022 06:22:24 GMT
expires: Wed, 29 Mar 2023 06:22:24 GMT
last-modified: Mon, 28 Mar 2022 15:10:05 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.508.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame D9F9 592 KB
193 KB 36ms
35ms Document
text/html 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.508.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56e21c0b93290490c1b1bcd3c541dc358b4f5bb43b24d954dc075e82fe48dcaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 550863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 197186
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Mar 2022 06:22:24 GMT
expires: Wed, 29 Mar 2023 06:22:24 GMT
last-modified: Mon, 28 Mar 2022 15:10:05 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 prebid6.7.0-1.js Show response
cds.connatix.com/p/plugins/ Frame B034 456 KB
119 KB 17ms
17ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:27 GMT
content-encoding: br
last-modified: Wed, 09 Feb 2022 14:06:45 GMT
age: 2952745
etag: "c647c6ead685f3c1b8ba4c8a5de1eb5a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 121193

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 7B89 37 KB
13 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:52:29 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 691F 37 KB
13 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:52:29 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 774B 37 KB
13 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:52:29 GMT

GET
H2 200 pixel;r=7348493;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;uht=2;fpan=1;fpa=P0-396542707-16490858080...
pixel.quantserve.com/ 35 B
371 B 38ms
22ms Image
image/gif 2620:116:800d:21:fcb8:22d2:d390:5f1b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=7348493;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;uht=2;fpan=1;fpa=P0-396542707-1649085808038;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1649085808037;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2022%2F03%2F25091849%2Fchrom%2Ctype.article%2Ctitle.Google%20Chrome%20Zero-Day%20Bugs%20Exploited%20Weeks%20Ahead%20of%20Patch%2Cdescription.Two%20separate%20campaigns%20from%20different%20threat%20actors%20targeted%20users%20with%20the%20same%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patc

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:fcb8:22d2:d390:5f1b , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame FAC5 309 B
271 B 21ms
20ms XHR
application/x-mpegurl 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/playlist.m3u8
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 19:13:10 GMT
age: 98497
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 164

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 60ms
60ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1480618513.1649085808&jid=163308365&_u=YEBAAEAAAAAAAC~&z=831523125

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 99ms
54ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1480618513.1649085808&jid=163308365&_u=YEBAAEAAAAAAAC~&z=831523125

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame FAC5 662 B
353 B 28ms
27ms XHR
application/x-mpegurl 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.m3u8
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3788f6d78d3779c5cb9799b5a5194c8e4f56de10b3c7cc962dd4ff56a006c076

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
age: 98497
etag: "3462f99156683c73680c822827559fb9"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 267

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 76ms
33ms Preflight 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://threatpost.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 04 Apr 2022 15:23:28 GMT
server: ATS/9.1.0.33

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame B034 36 B
330 B 110ms
110ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%221023cf137c4434%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222306208e67fb97%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22bc2923de-89ff-421b-9ac7-c07f2812a6b0%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 814b138dca87e7cd9e819cd883468e9927702abe51065a9f95c09409b3f3dbd1

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.114.215.132], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Mon, 04 Apr 2022 15:23:28 GMT

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame B034 106 B
127 B 123ms
104ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b6d2c9a2-c9cf-4383-9454-548d9371802e&nocache=1649085808240&gdpr=0&pubcid=bc2923de-89ff-421b-9ac7-c07f2812a6b0&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
via: 1.1 google
server: OXGW/18.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame B034 0
205 B 176ms
175ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 64
vary: origin, Accept-Encoding

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame B034 35 B
329 B 121ms
120ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%2277d51fe37834a%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%228593681f786a8c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22bc2923de-89ff-421b-9ac7-c07f2812a6b0%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a42c2a6356b0c9ce958723f2253a958ea49926c876d51eb6017afe3ffa459d94

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.114.215.132], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 35
x-ak-client-geo: 12
expires: Mon, 04 Apr 2022 15:23:28 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B034 139 B
988 B 128ms
127ms XHR
application/json 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

659a16a868127e3d1a8464ab4989bf7b70368c56c80bf46caea3bf7b0147f033

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:28 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6bbfcff2-7946-4241-97f8-0a7920e928d9
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame B034 106 B
127 B 118ms
105ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ae064bce-9728-46da-8034-dc1a70a54ea2&nocache=1649085808247&gdpr=0&pubcid=bc2923de-89ff-421b-9ac7-c07f2812a6b0&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
via: 1.1 google
server: OXGW/18.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233148/0/ Frame B034 0
170 B 34ms
34ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame B034 0
59 B 208ms
157ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ Frame B034 66 B
122 B 87ms
86ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 38c6190408c68bd61af02cd3aa31e2ac3461f4af4b1f91d991a6b93e073f8c76

Request headers

Referer: https://threatpost.com/
x-openrtb-version: 2.5
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 66

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame B034 0
115 B 113ms
67ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216476/0/ Frame B034 0
170 B 29ms
29ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B034 139 B
988 B 87ms
41ms XHR
application/json 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

c63cd86699646244db347b2746e3a3fde58f17d7d6189f4c054cc9a648ecd202

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:28 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d658a052-8658-4e84-bdaa-797b50721563
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216475/0/ Frame B034 0
170 B 26ms
26ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233098/0/ Frame B034 0
170 B 28ms
28ms XHR
text/plain 213.19.147.43
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame FAC5 1 KB
1 KB 20ms
20ms XHR
video/mp4 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d8bd1954d35c36441c577e571af12e327da0115465a35f85bca7f6976ad49dda

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=0-1361

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
age: 98455
etag: "0f4ba301101db680996746112d54887a"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/5163990
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

GET
H2

200

web-vitals.umd.js Show response
unpkg.com/web-vitals@2.1.4/dist/
Redirect Chain

https://unpkg.com/web-vitals
https://unpkg.com/web-vitals@2.1.4
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js

5 KB
2 KB

35ms
35ms

Script
application/javascript

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js

Protocol

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52cac1193a3683e35353723a38e01a9bcc0c5f9bf2be42d29c96905527c7923d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6354661
fly-request-id: 01FSX6G4BV26459PNH2WD5M7Q3
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"120b-0F8cYs4ysxGP6ebngBlASGivDqM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6f6b0b9f2c809b52-FRA

Redirect headers

date: Mon, 04 Apr 2022 15:23:28 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01FSXAPQCR787H8XM1CH5RFGZ6
server: cloudflare
age: 6350250
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /web-vitals@2.1.4/dist/web-vitals.umd.js
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6f6b0b9efc2d9b52-FRA
access-control-allow-origin: *

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
26ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=593948391&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&dp=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&ul=en-us&de=UTF-8&dt=Google%20Chrome%20Zero-Day%20Bugs%20Exploited%20Weeks%20Ahead%20of%20Patch%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=596398841&gjid=1549981807&cid=1480618513.1649085808&uid=67137029763871488484502456997303030235&tid=UA-63997723-2&_gid=140132761.1649085808&_r=1&gtm=2wg3u0WZ7LJ3&cd14=no_locale&cd15=67137029763871488484502456997303030235&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.60%20Safari%2F537.36&cd16=1480618513.1649085808&z=130003150

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4722
date: Mon, 04 Apr 2022 14:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 04 Apr 2022 16:04:46 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 66ms
20ms Script
application/x-javascript 2a02:26f0:3500:7::17d8:4dc9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dc9 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:28 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Mar 2022 23:45:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=47832
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3104

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9582686

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f3526a0dfc8a25fe1f7a46a9a4beb8cd19b90cf877c97ab14edaf728ad134434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37610
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 15:23:28 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame FAC5 639 KB
640 KB 28ms
28ms XHR
video/mp4 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1a125096dce20357e3049f8166f66af69a0e57f5f802696000ab095613703e8f

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=1362-656072

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
age: 98455
etag: "0f4ba301101db680996746112d54887a"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-656072/5163990
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 654711

POST
H/1.1 200
OK g Show response
capi-tier-2-us-east-2.connatix.com/rtb/ Frame FAC5 0
315 B 110ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 52ms
26ms XHR
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=1480618513.1649085808&jid=596398841&uid=67137029763871488484502456997303030235&gjid=1549981807&_gid=140132761.1649085808&_u=aEDAAEABAAAAAC~&z=1923699482

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 04 Apr 2022 15:23:28 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
65 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f20700868112cc667cdc2609b5ef9421a542d9c393aa8321517d7e18fdc471ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66067
x-xss-protection: 0
expires: Mon, 04 Apr 2022 15:23:28 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1649085808492%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fgoogl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&liSync=true&e_...

0
265 B

250ms
211ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&liSync=true&e_ipv6=AQJQHn2F9P3OOgAAAX_1LIGkV1VG9I6HEwkEvdlw7tahfiN7VegmNsrt61kCbrTH-qmqW7LF3U1J8czb6cKwpuFC1LovVg
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CF9BECC656A34159A30DBDD87FF2F57A Ref B: FRAEDGE0916 Ref C: 2022-04-04T15:23:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1bXd0Gu8h9uv13FswQ==
x-li-fabric: prod-lor1

Redirect headers

date: Mon, 04 Apr 2022 15:23:29 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6433E33EF0B94D7A86FEB200D55176A3 Ref B: FRAEDGE0918 Ref C: 2022-04-04T15:23:28Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649085808492&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&liSync=true&e_ipv6=AQJQHn2F9P3OOgAAAX_1LIGkV1VG9I6HEwkEvdlw7tahfiN7VegmNsrt61kCbrTH-qmqW7LF3U1J8czb6cKwpuFC1LovVg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1bXaB1jfYlAV1F967Q==

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1480618513.1649085808&jid=596398841&_u=aEDAAEABAAAAAC~&z=1517831401

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 88ms
54ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1480618513.1649085808&jid=596398841&_u=aEDAAEABAAAAAC~&z=1517831401

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-ze... Show response
9582686.fls.doubleclick.net/ Frame 931E
Redirect Chain

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-...
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=t...

803 B
537 B

56ms
30ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9582686.fls.doubleclick.net/activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

a2494ba238dc52ba44ec629445988a7b4e595a8795f6f79f6d3d5b4f91f6c850

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 512
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame FAC5 613 KB
613 KB 18ms
18ms XHR
video/mp4 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b0c35bcc511183abbaf158b20f6f4a85a54cf4353b4df88163dc9425d97e4ca6

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=656073-1283660

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
age: 98455
etag: "0f4ba301101db680996746112d54887a"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 656073-1283660/5163990
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 627588

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 78ms
32ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 72ms
28ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 174 KB
47 KB 539ms
539ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=290203956529752&correlator=876582071968676&eid=31065713&output=ldjh&gdfp_req=1&vrg=2022032106&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&sfv=1-0-38&ecs=20220404&ists=1&fas=0%2C0%2C0%2C0%2C8&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%252F179103%252F%26urlquery%3Dgoogfc%26contentid%3D179103%26category%3Dvulnerabilities%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1649085808644&lmt=1649085808&dlt=1649085805618&idt=1789&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0%2C-9&adys=8%2C166%2C1211%2C8%2C-9&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&msz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&fws=0%2C0%2C0%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0&ga_vid=1480618513.1649085808&ga_sid=1649085809&ga_hid=593948391&ga_fc=true&btvi=0%7C0%7C1%7C0%7C-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e88135bd901d05162fb708390be2c2cfd3c5d279418faf5fb99e77ead81cd9bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48309
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-2,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-2,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 68ms
42ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032106&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acb1e3d8b8d6ad15775258df31190c5b390c2e954004969e8d8e629971e36a6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10785
x-xss-protection: 0

GET
H2 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0DF2 6 KB
4 KB 113ms
26ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022032106.js Show response
securepubads.g.doubleclick.net/gpt/ 35 KB
13 KB 18ms
18ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022032106.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

17c36e9523e8b97999649b89a0f8480d574d7a1fe1dd4f3d8fe841e5649cd0c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 16:37:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 513936
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13258
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:13:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 29 Mar 2023 16:37:52 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 26ms
26ms Ping
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe3u0&_p=593948391&sr=1600x1200&ul=en-us&cid=1480618513.1649085808&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&dt=Google%20Chrome%20Zero-Day%20Bugs%20Exploited%20Weeks%20Ahead%20of%20Patch%20%7C%20Threatpost&sid=1649085808&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=67137029763871488484502456997303030235
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK mq Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 109ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/mq?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 76ms
28ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:28 GMT

GET
H3 200 dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bug... Show response
adservice.google.com/ddm/fls/i/ Frame 0A75 802 B
534 B 85ms
56ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F

Requested by

Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffccd2a23cfd8028df1154bca2f74d09337660b524c84263f35699af2c88a828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://9582686.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 511
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 s32911704161654
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 43 B
245 B 26ms
26ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s32911704161654?AQB=1&ndh=1&pf=1&t=4%2F3%2F2022%2015%3A23%3A28%201%200&mid=67137029763871488484502456997303030235&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103&g=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103&v9=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220404%3A288%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Google%20Chrome%20Zero-Day%20Bugs%20Exploited%20Weeks%20Ahead%20of%20Patch%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=67137029763871488484502456997303030235&v116=1480618513.1649085808&v125=0.79949758806652_1649085807360&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
x-content-type-options: nosniff
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 05 Apr 2022 15:23:28 GMT
server: jag
xserver: anedge-7b6f4bb9f7-5v9wc
etag: 3541384806983041024-4619875738450830358
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 03 Apr 2022 15:23:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F753 13 KB
5 KB 48ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 274
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:18:54 GMT
expires: Tue, 04 Apr 2023 15:18:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 243F 783 B
533 B 27ms
27ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

583930898275cde93516bd1fe38ac6c7e03c2cd95d63ff087b95f4a5ec26db6f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eYopsTyVhyB+d4nqaTT7IQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-eYopsTyVhyB+d4nqaTT7IQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Mon, 04 Apr 2022 15:23:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bug... Show response
adservice.google.de/ddm/fls/i/ Frame 7302 194 B
199 B 84ms
57ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKuQ0K7b-vYCFQRCHQkd_9EF-A;src=9582686;type=globalc;cat=globa0;ord=7566560208165;gtm=2od3u0;auiddc=923006472.1649085809;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F;u6=;u7=67137029763871488484502456997303030235-1480618513.1649085808;u9=_google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch_179103_;~oref=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Mon, 04 Apr 2022 15:23:28 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 243F 0
0 82ms
82ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032106&jk=290203956529752&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js Show response
pagead2.googlesyndication.com/bg/ Frame F753 35 KB
13 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 07:39:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27844
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 07:39:24 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F753 0
9 B 18ms
18ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?GpPtIQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7421 6 KB
3 KB 46ms
19ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2130 6 KB
3 KB 23ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B5CC 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 43BF 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 7421 46 KB
19 KB 21ms
20ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225350
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: IUfaSvY2cy-r3CEf8HFKP_4xHcxupdHxa32UMgImtVdfXN57UyI1sw==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 7421 73 KB
28 KB 23ms
23ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963879
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: L-OYu9dUbjraU5S2i5CUIIWb1MDJv8mZMVfDtFryH32_K9hpztBN8A==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7421 42 B
63 B 50ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CRNMVsAgbCUvlshNKznjBbl0RAJ1wLbmZzhmdehUX8VdyHS4sugWc3oRWLCY0j_4o5sczUnfz7psTLFNRPYPUHo3qagkr44qt04AFgBD4cwtY5Afw

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 7421 11 KB
5 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:19:27 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 7421 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7421 119 KB
36 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 7421 15 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7421 0
0 26ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSz2UJVsiktACx5bu4mpLyL2XyJnM6jO40OwWBqjZa6sf8CKOpVu_kCHrhF4ZOQRbgksWrKc4IzalcJaObOItA4whHVBw
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 2130 46 KB
19 KB 26ms
25ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225350
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: PrQQ7igsHwHWGqd3_kGV1Z0gG5V_Pr4tRRSYSb_fv1uiebh5oMVkUw==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 2130 73 KB
28 KB 35ms
34ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963879
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: LqgTm9j-I05_vZbED1OAEFbLh3cYCaDmn9NB4FftvaED55-H13PE_w==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2130 42 B
63 B 51ms
50ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CxfTxn5VISfwJ7vYy5ZOmimCVT4Y_3Nm-3OPc_WdAzFTX--hu3imUDqHALaY_ax00JmEu9WM6LHQA05MYqjEujY09ffuMlk4j4eAu8Qo8kdHSMC0c

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 2130 11 KB
5 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:19:27 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 2130 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2130 119 KB
36 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 2130 15 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2130 0
0 26ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSrgxyGnIyBCmP4JQbXnS_-ePG-nuesH7mrxLFZEYYUzJYHGLkzO06Se0iVbJYyewMP4C6w51iRg_LM_IwVCd5y_5e2bQ
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame B5CC 46 KB
19 KB 39ms
38ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225350
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: WKYpQmg6N_pxXV0NXGig4tvnNtoFSCmPHbON5C8PhA-9qIu8McljzA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame B5CC 73 KB
28 KB 42ms
41ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963879
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: FLPkdAiCa6ydquuX4nH5b6hotLj0RUo3Nplb7WIlI7wQ6hEanUzcmQ==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B5CC 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BVnq9duJilqTjGI3GFYxb7-6_9K7EZ4YXcC93QKG68fUe0jrv6wGjNb2GcDDGQV0JzoHhQ-Bc1hJAg12KAefbzDsBOgapGuk_AYIj9WmDqiUKMuXQ

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame B5CC 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B5CC 119 KB
36 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame B5CC 15 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B5CC 0
0 27ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTbNV2Ryura98LaoVk54lmBHOVGMejAyO4unnz2IHeaXxRByYqPxa3I5PNcsEWOVSvfwYReVjTFu-4WKnWYp_520l3rlQ
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 43BF 46 KB
19 KB 44ms
44ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225350
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: iqqZknBUfwkMDZlnMkppn7zlbaYOphVAPCVuGw_H9HNmYCXVgjg64Q==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 43BF 73 KB
28 KB 46ms
45ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963879
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: PBd74ge3aAh1m2LrXag_Gsq4io9sb4K0YFyYHGEYugfGK7byqyt-Bg==

GET
H2 200 css2
fonts.googleapis.com/ Frame 43BF 4 KB
1 KB 70ms
26ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 15:01:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 15:23:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 15:23:29 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 43BF 205 B
229 B 45ms
18ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:38:16 GMT
x-content-type-options: nosniff
age: 63913
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:38:16 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 43BF 604 B
628 B 19ms
19ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:25:50 GMT
x-content-type-options: nosniff
age: 64660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:25:50 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 43BF 19 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:15:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4094
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8226
x-xss-protection: 0
server: cafe
etag: 11792478805792993122
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:15:15 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4357 499 B
937 B 74ms
30ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNV1lM3i98qKgxtwNkrLLZ2G24cLJ90wA3DLT3G4XVxWir0-LKKjPRiLRN23FyUSkrgwGIbFoHjky9K3Lm74cyP_C1iKjnRbv8n4tZssdANj3-ziFak

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 237
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:29 GMT
expires: Mon, 04 Apr 2022 15:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7421 14 KB
11 KB 65ms
48ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C09awMV1STBYZekhopovzJwrjyuKtnVu0OyGx-EhYf0uPGR2PEe31p55m4i4RfifkjyAkNryCdDL9IjbOsWs3VkSdjs7ZG68OTk9J0OgStgXIX7fU9eQhbhaPxHg1l_tWyBHePvvmDDgjhCeaxq1BF-SWTmw&cry=1&dbm_d=AKAmf-CHbAVjqbqPmHgRTmqR3pCA37N7sK1g4ypZk0FdTq5mx2238cEyMOuQfSqDlJQhRfZrUMVQnICcJKCMiuRlbc_TKgKlkc9-rGdPrMJnGd2Ffo_Vq107Y-A-g4SHEDAe0287GsQZH86l0cu35tLnen0JUClY2e_UP3rcM7SxJUDcq-siezYRiGzRQpasPICYcCK2QNnKaOX9cJk9eKVyVlRVcD_uvcDmDZVXUgDZLIm6zwPmE3wTa02Hma6wWaVIwnS-oTnVvT4UZrPVhnn2nrqGUB3woOIchWxAtzOvupl5PJj20BqMBj2L6YTFSRMKXJ0yNbGBWrXYdTpp4rojeEVLrRU7m_GSeFbz-c3m88RYzVhfFwdhU3P5EO9uJI3HEOGKhKk2HhyZtaey3iz7qqqWgTlRLPR_BXTW3cp-wUXRMDUboZ7s1hTMoDh5zj2pvn42_RPHl98dh6JqgwZHPdtA50qDWeD1NnSryNggj2GTtvzlu3FnSHWIwuyRwRdUWLWWHuqc2ErKcmHLdEaRVbXJHkneT908-jWbFDYTji24sM4QQmJkPYAvMHyhcyVVeIk6bdA8MOxpg6W2hVSzj1_B8pj6uIih78s_tknrx9dWqHM5KTyORmJmSFL2KnkZJjF6dBv2NThI4y-U-5HBdocEGbHZiFYDyd6dChiDA7wsR3reZq0YhEpN5O-WpwPrEQWCYPbumQ46aV3CujHJeRF2So0eQ8pMvsuzCvYW5hWQjvF__QSmyUGOORkBtadRoRTmIsemVl3gte4gDl8t0rQkfRz4gP5IGeZiiYXNDpRU0iqLN_ufmnY1gbxrbzEcAGILiht5j-qOUq5eJ6_cLxB5PsV42vYmxm8Cu3JhNqh4LU4aK0yPQNf11qPzyhg68500NRAjBksXYbOdRuarJVf_GFMa5yiEmBM0NgXk_YkMGDL9j5bWDjfaZFZq1c1Oweuewt16a3mMpzpQUaCUHTnGpBpeqWiy2PSnpxXJ_o1Vbh9042B24B0RjCfYIsG1i76WcCa_HfoXzED7ncWGUHa1pu0f-ShTurDVts9JQfR6bk4h4ZbdaDL3yfkbbJaqfq04hIRfI1VQeRInBIh9w-L3bzZqNJQO6K6p5h0UVo1h23pEkUismLufCnO3HIyZTSWlL-wd5RDyN999EIKgC_ggFKxlKpB35M_JOm60FPQ2TT453o3qGwyZeb5dgjYUchDLRKioZ5GuHsKuWbzsLVOhoLL3Bfq9OdqWxaAj4kfg4TPJAn4PIi2bhEzGBAVqdRoe7BkE52dcy20BSn-Ik5O83bA4N8qRDj6tmEpC2vCpzyJFCVCzKuEd5UuqL06xi60YYWppCJZ1Kgv4lis9Q4Y72o4ypzO7d3MXMu_wqS2jR1jKEAd_HjluSDdg-quQkK8TP-J84hHmVYumRFXZZUT4-PlOSf5EOwaomCNl-xA71wPHqYoCsZvYSM8HVOwKt_lEQzC78ewTZ_apwN_9BxdMCbsJifssPNEdQBd5j2DTweMrYXhytXzigk4jgiQHgqAyw3ruIVvuLQrRiEj2DbjpuZVzL05nUoW8mbKys0VAjGkudJjHo4s4RxO4LgpDDSoSvu_45t-o7zvdtcNblgjXd0B_5zXDE6pp9cq9uIXI6UizJNvu4TA7HACvDbhiXyTy5CafntirDWWhbfqzS3yEiW32JZMPA1z4YDdtlygF2lnZ8cviyzbe5NrIdT11N2nmB_n7MWjsIu5E_dlH2TZ2li6-lcT08DrGXt9BdAX0GAKu4dn-cvyuQlu_yZY0z-oP0xQDAvUhYbO1R-K6MmJTou-XLsgTki4hHFKEuTWVtLyWLloTJtKMBNeXaogsv5-DRw0tAa61a2XMwztfDW_JXllBNiGK7Ya_CpwDrPwDhRxGvpjjcRKwrlJaGWQddeaqngAOa43QI07FSc5UcbPKl4YMWsUOhbzcPyGKl84EiDCzQyNhW1Ap2DP2FL7v9h4TbY56ld69ksbJE7vGwhYxxFFmcYq2bkF9D6PfcYXhSy98oYOdGdBUBtVi1IbdYit4ks19u3T0jbc3cf9o94yxN07hrG4fzTOSo9bSBSOK6-fd4lCKtOnfqoVBKdr6gURHmSdu8yp-EP4EliMGs1zHmACCJdV8CnEbKuCGQchgCXWjS7AQe5-BaMXrTSlZVT636U1wRZSPgk9a49OHlPocGncUYCHDw1DiJ753nSozSw8l3BRwZ1Y2sVUF09nhwMOo-psdXwL7vaMDPGwAw8Y_3bQrXnnLkAbQTssgoYgH7IepDoVXlH3za_1OTTtRU6xbSzqj2WFDVHJJuZm8L5azGesrstMkA4dwW1KzmM1R_ascR8JGq0FanpZhrsHagDDxvdYQRCr0BnECzARjNdMUpZ5Hm6c-3AnQQOqKwKLK2Jo9CIa6dQvBR4uqNOWi-Y-rxdHp-vQ2ADcKY8QumUkgGjAQnnQ5TOipHdHrD_xtJB9KPECVSFpPrr_dkEk16xSEi7iNY0BfyQiuxd7VIak1q8Lypo1TzCA2ew2EW4mCx7hoEy-wY4cuxyl6XUjXAguBZ-8MX_V_zBYB6WH_iJVUxmMQ6400nsEl2FUR6sTAc607PUuATUaYvG8C41edywr0QrdEa-ilPnv6cTVapOb5MwfS4j5X5_uRKuxpNS0JCzlNaywITNhVqbueprVEDpAWJVLPoE59qMQM4eRA3kKY8pkAVr8WR7jGxKy8McjjJ1auilgwIUmpzeEXpKSDd61CWJfRkynAD8-gn0AWmteo36-RJvw-qQHgiVLOn5US1mHaSVZP_ko40nnHGvwtpq5JDV891AK3x_3-i-NMWcZHfIaPXkgsnqDLeM_aecvmUUz1NZ_4I8JA9xWyDePEWy7q3NCKypU5-oPNMoILtlmY37ppCGzbfHMWX5YIdKS5joeP7Tk3FML-GTnpFW1X3pvQV7IkphmUU2FW3ZWykuiO0yQ_LJ3e0SJrAqL3uymU3_uBx2Fckm-PNvB6wyKMje2B8hvkArovw_XyswFH4QH9BGqazQD1_m2UqS9Yy5EkYbrKpfWzKmpCL1fJ2MebwAmZHL_EbJOLSO5_1su62ZQ2Ywc6YSTGlj-v3dyCQ4veeGt6O1lQCnLChlVzX_7P3Ls3l4CZwVeAkWbL-GL6p8-ZGv0UxTMd9kBa018cBH2GrCWEhKI0AHD8ZZ2TZQdaWt5Ugk2mY9HdAmpNducETriwQf6LO2oaNhGeM3rorIAokdKPIRKdWPJ1EkdG0S2KvjfwZn8hCiTx18OA5hErKTHMBjOAsA&cid=CAASJ-RoFvgNbJcoxvsfsAoUoIjVl3Dd7I-hmomqxElX-VcMLspX01JcbQ&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

590bd102c53da3b756f9f8c590dde6983d070ad9ccbdd8900e8503692e6cb2dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10870
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F128 499 B
258 B 56ms
29ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNV6qefQOhiPs6_Yo6V6IYXpX-kU_DF_XhBiUBIdDP9wtyoevKoGBY5FI7Vva0LzYCjdEzbCXgBPrxvL2xtwiLy5Qbau3Vytw_Y-2JlTEsebd7YWozE

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 237
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2130 14 KB
11 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwiK6zGkzoP2PtxV9HVeaBfX2Um9BMHBMG7I6jv-yiZJcam6Idp25FQJittpIlDsqNCj0mIUJG1DiSuywRUwwPsDuLiNTaA3f9dkoFpCpaRKVPxNvCsl3j3DLdS5Vgj7u0gqgr4DnXUODRpb9_4WELNOBOPw&cry=1&dbm_d=AKAmf-AuvFuBOyK4T0SPd1nmUmBrJgl7mX_OXJaSwkWkTzgo9UtyYAGq_sXmIMxmgKw5ltksege7jiIQuZf44ZgX-KwgRbF7-HI6ViUZdVMkU0sQUYs0QwZ2c-YNeOXYKWbO75RNjfwble_xcrxD-9_rmexcKRitaODUbaj2c9kNXvAdm_QtyCxUEoEeobmL-4Ht0hz1AFCEUERblO96S08qGy-b5nsIt91jVu6Kb6ss8IKmBYoFVkQIiDC59axwtzX-dRXJ-SQ2tbg8pOPuNjrrzcYWuBOH58fUHR5WidspNzJheYvCfC1hBGPnyy9A2-45Zbie3g4iG-fTCWfM5YzDd5WlXYGg7NVfUSMvPGEPdln9olhNKE161pFjqlq5YVgEn8jyO41LejoTtnGnMoSv3VnCJxbWSxvL7mC0chSrO0SL-3GvZNjtIQXeDg49oozcqFnLB1uRS7UPQJlvD-5tqc2jNaLvQmh6yfd-ITZW3k3FsDzGiZucGj7kKIK2KskpICY4olT8p6AdUtDkpfqPpThkjD-ZFGaX5PNV9gJS53j5nDftS5GotJRdoTv8j_bSZaUo8CTpqS3gKfCFXvpVb_OYDaucCUyBOMzemGvkfYR0VCel0-OhAITNxYKfxhGb_mpdiV73o2_mAHm65J9eJSDhFdPHlDfdSdZQ98is0BVF81yApUUMxQVhe7UDhLgUmt7FGagIYozG_gkjSmdu4z6sg0KMLi8apWZ_qNp3KxJiHZGMCdywvtVZfskTOjC1BS2pTFFOAExKiTgLJUqKTT8Gic25Ua_HDbB9xt-jYk8l6_H1ljDF0DMfWXmX3cnA4fYuIJvbJrzOTdkgfaA5B7ZGZVieZVv9AGmdrX4knpb7QHyXosTGWp1AI3-bZaGf4QqLdS-wrUIy4PxsjuYKQrRFOV3Jzr9_fnXQaaGWYCzUb5p4WswoTwdkbI6Ipna-zngoZ_ER7TkAPRH3cEDrMlWCx59rxrHdMioJI80Fnvjts5Rcygd9oHLbpk1oEHaIMU8fD_LS4sWd0Jf2GE9metafCWYqeOCKzV_O53EN20DVR7zdySWzk24giWB3pSuV83Yl_l2m-BdDx4GW4vOAzgSrkZZnLno8x377M8Dplh3fBU7RTklrxNUlX3zr2hEbF9__uHKSY6mqbH7KcLiXF4BrwnWqu4AvbeW5z-UwKgZWeLs62SaBI541zx2rHyHMq4Qgm89UASecs7DDYMgTTs3ZSfWmD9hOjjJxWqtkGlIY0gZOlQSJp-kF8PGezul1cz9JdfFKGpHs8cFQrTuXATCtyIFIQJsV3FvUtuUJXizyILIBVyGpEI92DF1WMkvpOZGdsF5WdCdaj063dhVkcNSzP9eJE7A4cwuWDxKtE3snfyx4YvAcM2GRkLRpg8KRqdASxXS3cwXOCd0qKIKs9s48jx3b7umRdrI0tSFL8AIRm-_C7Q7ZqysldBfp21RHMIc7wq-9pCrP3bg5Z6t0TrBSr-IzFSv8cNoggzZ6g4fE6hf_5V5--QJO3T7FpDZ96s4mjhhaaexwK1BXEb_6brPLLaxFMMCAIEe8TG_99yF22Ans4e2eAARBthL6A-V_bmym5wsgSDrpiHzI4g7JnnPaDL2KzTE9GKe29kMbBFoLQmsq8-__zgxWUGHpM7t7x8eZ4HyB5wAJnfRnZ4HlfYPsrZyY0Dx50-NRhCaP-_Fxwn2rDjfybtqUpSrslKVN5UKEwzkhbUqVyfjLEeLA9qfuTyQb7hfOfQ8mwsjom-VUq_ll-uKtpALVDBgjKmNSP1wx2JpenjrMJ7StVtkrSZg9Ja7PNJHUdwMESsMUW5cpPQdNuFVCkvzxG-wxc_I5EuR9g9m6FXoRewVhI0MG0lvSVXxo8pdRak1izEPzhs2Cx5X7OaeGma2IYBboced3pKvgjs0os88Yay8rtojFZ4OfZU6i90mPgtBsCLy-Dur5nslpHrrsxVohg5TQCg7CoOSi9Tz-61g9p70gdkk97ObiBYuN0fUj5_BrIpFJRyNxGHhu2o7bwC_nvycNB6BBlRnZOoGR6ERK6GY4GIrKYCJzDP9tG7CUgedsnCvLvS3o1W1HzAQFLynodQIS3oZzXKfptnSaGsS5CjtUjcury6B89VPYzwqqSLPMW-qzMsB5tNOj6nGznkOuBpuL2mn3DgpUZ0AD9kWY1SOkXCCcQUs-x--UEo8dMGk5KniVCp9SINCxdhSayBbg6i6bhV1inxRDq-5JJdej0UdEMwhJJNgL03Odg2X3Cq7gkfQsLs1rt4gJX98q7SGThpfE3u5ekbyBLGI_G-l-isi6ckJSHo41Chq7ZymZi1lBdmO3hZlFLRlaJQNx0xn0ztYTGcFEwhlJYk5hZGg-aCWga8mgwPwL5gGX7U95VI6OhCR75-2YuKOeYSUyfhtxVd53_RKgmkW-Y0KCt0LYVBTrGTiPgLU0TOEYygVEKUBTbriVZVXpsOneh08qEwhlYQOkgWjWQu0BksgESmyaAtBWx8ZrA9rFx1_6jNV1J7aM8mWy55vpMtc0IaPH7gEjRHF5lpg7KOsYJlwMS3byMfm3_ZJYYOVFrkSAXkB8GfBjtcj1Px4GhZhOqtq9PCBIZ6VOYWnNvExJ4IAtJ9ElMh-8yHber41zvqQbI3gYsaPk6ZmgytRRk-n8oGpNDj2I43ABy5GcPhGhBH5WSHMnxgIPZhtnlP0OICzUnpBhhZy-bGne-1OshJuTpQDaAqIKCiX3xRPDs4rZibGoLdo8mTc7nz-gQhq_k3qcyAqls0_JdFwWI7FGfeuRSG6Y6FhLO379pmrtOqUcE4L76RD651G7EqJr9cG_D1APCsUK6aeK8B8zjwuVPvOWJ4PVU95n10F-4a0KCH07p92BQZVaSI8iItrZqUY7fxud5fwa0gImYfGcjH2Rer6i11M8kSY9j3JNi7Ya52dwaaY50k1DjgFM2SqsVZd7qBAK8TFS2st8kCtUkgCHukypvZ1KCBzhDyy3vau-MPrf4TAJqOdeorwcfuYl9XiMgHDiFRfxcMlz4BPLIaJHv5FnBO3Ltqavgvk9Ao8UtnvGaJF1_0q23ug-R-B2D97l-E_6iD4qiEg1F-ydA-AkygONXlmyp0G8Eqk380FfNg-OoSNZsKfoY3ZQlz66fCJVzMR38Jzh1gQgStPUyQICE2SDzfcR_0cxJ40Ym1v3FV3cm7XjQSNJnU4Ev_VEqxgFc-1_6n_63JSDPIswxr49N7Lf9mJveYN5myAUPvT-hJg8vEjVDohC3xfAxOcdOGGe7UmL3ut86ua2hVY2ZL8-YwmazmU&cid=CAASJ-Ro2wLhueHjLmkszpfea64CJGHcvjOHM9NKzBLWxKfxGliLa1qACA&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea4feec0041895844cfcde210c65f7f6ac292458e5b412f7f0d5ef01792bea21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10864
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BB09 632 B
324 B 30ms
30ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV3RLWqTTI4GmOVyH3X4jtSB4NwOeE8hJ1-nOepw-NpAzpAHBLwhesNXCzBeOap7KpxW3Kq1LbhTvH9CPkuGnD4yPq9r-f3V4TpEcAJCmQEYRZi8Vc

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e34f3c96e1eae99e2fc8b8f0c8f608bf3d8822872bf36246c4360a024a8527d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 303
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B5CC 78 KB
33 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHzKswtbLG6oO9mLyUcvEza-5gL-RLZX2VpL4HKKh1-vu3ejhXxhJbJrFhKEKE4yK1tlZXYMOAeQX28O7w_9hLYTzRa6quhbiDBNIlzDPc8tLTQBXFaKVNhlhEpSsU-y3TA8ReUru05RTQHP_GXoHaTZlBiA&dbm_d=AKAmf-DLpjgzhwh24MiGRvGan_fxIUrVKVEbZd7Ocnv3JQB7PxJKWDcxiTY2TAHT78hs5MUH96wvltgsmifzd8osBG8I6cX-lC_AJdVOpGdpGzM0AqvUCMn2SZuOclH6HabjXtcTXSHiIA4ha4RANUbF-H710ktCtDNWoXbV0RdUBf8VYuGCpmJA3aBzjRBVT33XC1jUHrEFsEtQfXhzxkDRr5ppYV1Z5cEr8vN9nNNZT6q1chz-OIsZEfAXV4nsglwU9_G6fhHjNJ3x38tUdyYT3g29rYep1ZuDxui_bhJamghP9jYSnVr52ibA-tjGfAGe2QnHxK35AJz8KQMJ8tn3pRXWNGQhgiAIX76NMZ-oTwepVisJ1h7AUnvpo0uIFmDH2b8SW55mrPLO2DYfsXTDtKHAWd9DTY1xyq7xS6_xcCMNtZBJFtQ2h1TRFyHsI2Qq2GYI5UDrDQq64J-7CscDvtZ03pUThf65-_tuf6g088P8uo3wO7W5k7jNW13l6XQTZDablQ6sSkjSyjjQmvpUhqnRgDuHdAM-wDmcgFno_HES4pcOtGut-D9PbxC-MtIlxkhOt-OFE8oy0n_nzyjnohS-RZE7KezR_iz0J_4QMECVvSEoTAT3XeFV1Pn7yNnQyIVPYaVaBFDYxR9-9jBax0Fr5vZUIvr99rjdpmSHFVUCHkLCRAputhoQORCotnpkY2Toura43c-6iV-dznWf5OZDhCLEYu8nfY0mM89XYNSS8VYLV6UONCgdxFjwoWC0aope3GW7DMMlMofDszDBmWYs842wZ0KZwQSB4boaC73fKGNcyWi4Jasu2P4aPOm6o4a6daRjjVF3LUE8DU-DG070f2-Fe9ueZoOekER5kLvdUuOG9EpYphTR2rYVqJUs6jZnAOsZrRfDYHYi2BpPn-GeuMfUhjz4diIK_YTqHc8eHnfFv19ivkq-rEdPKIuR1TPB_cxXbZESenrnFS2PAVVi5kGREPxUzM5_p48E4rItIFBRo--8lbjRfTCFvkIlFUvavUS4E2SAKm7BhMMSi24n8NQeGgx677WQvU00Wu_nLPhYWLYWsh0PaJqU0E_p-Mgp-eTmtLhlXEHnxEjJdL1kztS1iZ92ukd3lHXpHqnjsBwRrOT401DdOqwkNNcaFbuebwvkIaYVqzWEjJiK93IEpoDz5OFQ1aIbZI6Mdoikq_g90ZSv1KVxfaKOFJLqlLNg_kZRK-5TGAjqzqS2erHUDj7-36SNDE2Y5eoCPVu_H4COqDIqJNJ6_-ANjfm5ozr1_froe1Dw8_sBfXgHbZ4F2wcQV9d8zraCU-hw5H3666sOZ0ryUi0HXLfsCaItOaRAMTZvKN1_aEmeChXlLtKJDLxsBYaA0HN3BSRn-PZn8z4ubXlMej3TW7C2DO7Rss0gFILddFdlS-zdnCdU8kqAxEaIK1QIaNSDHPxe3XRcSIuzBajajGZmOu5SlzyGL8yYAAREesUtcW4k6uoNNfyLHZtTNLzthLLKhJ5xftDCsR-JKS_z7FQn_17sZYaIJQkb5zCrbLcKpC2VL4TBpV7wLFAU4joaXd_Nk-tw4g1iwhARyc8N7vIbv6d6d2H33wQl5oi_rAmdPNyVvcd1DzUEyt33IMucXjdbtpDwjgGV1UIu2mT8M4LbXjoAh96ndvBN1CmrdL4q9AVI0pTmVY3OcVog8MVD5KiCt4cBvcKhYmGestiEp58hnVfeQiZ_eTe-tqVctETuFWqQuoprf_ElBP6gM3NdUaM8ZpWtOEG_18gwVOB0OqJlkoV9FhfzKOuFzvnuYRoP-1PxVkBhEEE3BW3vkYmyHBlG9ExB8meFT1ihi57flRSbzVXhrT5AJsJGuWhIPJJS-KAOklNuBkvdsU4eGpupYiLwbzq5chHB7m8zkeVBc17_0QZb29iYVyrFGprDPUO6br7xta3ebHLlZdN3fo28DjSD1qU-8xPX0CSPr5od8Gkj2sj7uk40b2o3IdVRQNbIlzewjThmt0t1sZdoptmpWkTXReID_8Z21YuaSrOgpjCQMFa9_gE7jo9ap347GooxyCKR07Y8qhlc7_aJLyD3-oet8puOYSrbjzP_c6orbDCl8NPXKdkphTGhbnt86nGh56Xm2kY27-qTTb77FduymNhePPnhIvuKYldRzPvVx-b1EsPrS7IgtsBBCmWGnLAAaWPz1xVCfjmU9msbpAGXhTZQ4rkckNXVwUAFL5XxRTu-jMGdNbNzLJtPW4XtGUOapdX43sJzCAFCBj-yFEU5jv2wlqGiFrxsG_noXP8su5w4JSrNjdiuZJ9ordKXGtINP_h2RGD-6l8p-puD5Hw0DB6bc7bzH6ptYuZkqYyOmIbJaKb58P3OSFVA3FNfY6NYTAQoN6FARBhVGgEUNoBklkhhjK0UXBda4nxZV0zNj8s0A6DdAhlDTHIRHzQ5xJWk0oxPp5zyWeSbf8BeUz0zk_XhiwJjK5NsUAi7y8R0Wk4QB-rJ9-QQRb1yXRgJ9aK-aQlH51r4lHKYL59EuLP8yYAqQkC7KJMtXKJou1rGQCBiZ5mnzWN18AeAWbJ56yBZsJ4paYRVkqOemn-X8R1m6HVsd5wgfP0K4yTQsDKuWgfg-FO0NKzy1auSLNYUAxeMmtGh8pYj3NPJ39kzjr8chVzYCuDPzmvU0cdFyk7n7TaxQ9YG4Z3HTCLg8blD5_0FImiqRQCeV_V1o5pQ--nXURjM0IBaMS_r1BJLJP3lAmaXKhiyDEkFaJtzjmjOTzqpkbFlVKdmKMTG6FBvBCe5jazvD-RTeYwSE1luhdV8NXO7ShcDaDpu6Yo39KFiJHpj6cOqQv1qjpg5N3u6aKfG78-k8hhESLZi32ZIk1Pq46WRNbDtgkNjaiZzvDgPOsf3B78cwQAnMCJmsvH4PGWH5eGVZW5bzSTuNi6pEuQ_cufPIzbsvw83wqacTJPEdgB0SO-Fz8VdGXjI8o2zAn4nFycRRaXJ8FOGC8co0YhNU8g8oaITMwseVlC7ho8HME1AEwr2yfQjkjUuHt8jYW0w2r8kL1veapxDq0wTpE3iLVrg95FG3EEl96QJpFmLS000bUnrlAMPJr_Q9ZM5LqQNG5o3KR_s3DSVYKzikpAi57I4b-ibhhu4dJd_8-yWSEwgolg2aLA23j2t7BV77flScbp_0fCp-lqh0k6CTyw-27PfleEHOh6xazl8yv4iBZdKrvH9O4x_NzykQUMpzoVTCo9arBFwAmYH0DEhKuRHsYHYH62sLX4Qx8_NlDBcicE3Mvd6JWW96z4QrSUowt97KSLIInxTMVIxhiyzzlyVMI4OaDaEfJc6R4fnELh_NuAyDRaXKqEJdBXUS92cOVt1YZO2id1HtPD_JVVraiKIpnhu_fbYHweUyymSs1AX&cid=CAASJ-Roe370UA2-RP6Q13uCxe3wFYZcMe36xDkdnigRB---rhGtp1qfpA&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fda93a9ac28a125c30b9e09dd90d5a12093089ceb697a1a157c3905f44d66490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33473
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 30ms
30ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
29ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 180 KB
51 KB 533ms
532ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=290203956529752&correlator=790553285963287&eid=31065713&output=ldjh&gdfp_req=1&vrg=2022032106&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ifi=6&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&sfv=1-0-38&ecs=20220404&ris=2~2~2~2~2&rcs=1%2C1%2C1%2C1%2C1&ists=1&fas=0%2C0%2C0%2C0%2C8&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D64dd6903f54bf5e%26hb_bidder_triplelift%3Dtriplelift%26dyn_bids%3D0.01%26hb_adid%3D64dd6903f54bf5e%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%252F179103%252F%26urlquery%3Dgoogfc%26contentid%3D179103%26category%3Dvulnerabilities%26contenttags%3D&sc=1&cookie=ID%3D37d2fa86691c1002-2262365e6dcd0030%3AT%3D1649085808%3AS%3DALNI_MZI5F90x_OfNrdK2EZqPSzpNAD-Ow&abxe=1&dt=1649085810366&lmt=1649085810&dlt=1649085805618&idt=1789&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0%2C0&adys=8%2C256%2C1551%2C8%2C0&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fthreatpost.com%2Fgoogle-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch%2F179103%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x90%7C300x250%7C300x600%7C1600x0%7C1600x4579&msz=728x90%7C300x250%7C300x600%7C1600x0%7C1600x-1&fws=0%2C0%2C0%2C0%2C640&ohw=0%2C0%2C0%2C0%2C0&ga_vid=1480618513.1649085808&ga_sid=1649085809&ga_hid=593948391&ga_fc=true&btvi=0%7C0%7C2%7C0%7C0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e895df88a898c42d0a462314157b881f614bf4c66bed9fd4113c980b5fdb020d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52526
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-2,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-2,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 place
math-aids-threatpost-tagan.adlightning.com/ Frame 43BF 0
426 B 62ms
17ms Ping
text/plain 65.9.66.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://math-aids-threatpost-tagan.adlightning.com/place?p=0&d=eyJzaXRlSWQiOiJtYXRoLWFpZHMtdGhyZWF0cG9zdCIsInVybCI6Imh0dHBzOi8vdGhyZWF0cG9zdC5jb20vZ29vZ2xlLWNocm9tZS16ZXJvLWRheS1idWdzLWV4cGxvaXRlZC13ZWVrcy1haGVhZC1vZi1wYXRjaC8xNzkxMDMvIiwiYWRVbml0IjoiLzIyNDA0MzM3NDY3LDIxNzA3MTI0MzM2L3RocmVhdHBvc3QtQWRYLUludGVyc3RpdGlhbF8wIiwiYWRTZXJ2ZXJEZXRhaWxzIjp7ImFkdmVydGlzZXJJZCI6IjUwMjQ1NjkzNzQiLCJjYW1wYWlnbklkIjoiMjkxMDkwMjM4NiIsImNyZWF0aXZlSWQiOiIxMzgzNjQ3NTY0MjEiLCJsaW5laXRlbUlkIjoiNTc5NjE4OTk3NCIsImFkU2VydmVyIjoiZGZwIiwieWllbGRHcm91cElkcyI6WzI4NTgzN119LCJ3aWR0aCI6MSwiaGVpZ2h0IjoxLCJ3diI6IjEuMC4wKzdiMTIwYTUiLCJidiI6IjEuMC4wKzdiMTIwYTUiLCJ0YWdNYXJrdXAiOiI8aHRtbD48aGVhZD5cbiAgICA8bWV0YSBjaGFyc2V0PVwiVVRGLThcIj5cbiAgICA8dGl0bGU%2BU2FmZUZyYW1lIENvbnRhaW5lcjwvdGl0bGU%2BXG4gICAgPHNjcmlwdD5cbihmdW5jdGlvbigpey8qXG5cbiBDb3B5cmlnaHQgVGhlIENsb3N1cmUgTGlicmFyeSBBdXRob3JzLlxuIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wXG4qL1xudmFyIG09dGhpc3x8c2VsZix3PWZ1bmN0aW9uKGEpe3JldHVybiBhfTt2YXIgeDt2YXIgej1mdW5jdGlvbihhLGIsYyl7dGhpcy5nPWM9PT15P2E6XCJcIn07ei5wcm90b3R5cGUudG9TdHJpbmc9ZnVuY3Rpb24oKXtyZXR1cm4gdGhpcy5nLnRvU3RyaW5nKCl9O3ZhciB5PXt9O3ZhciBDPWZ1bmN0aW9uKGEsYil7dmFyIGM9dm9pZCAwPT09Yz97fTpjO3RoaXMuZXJyb3I9YTt0aGlzLmNvbnRleHQ9Yi5jb250ZXh0O3RoaXMubXNnPWIubWVzc2FnZXx8XCJcIjt0aGlzLmlkPWIuaWR8fFwianNlcnJvclwiO3RoaXMubWV0YT1jfTt2YXIgRD1mdW5jdGlvbihhKXtEW1wiIFwiXShhKTtyZXR1cm4gYX07RFtcIiBcIl09ZnVuY3Rpb24oKXt9O3ZhciBFPS9eKD86KFteOi8%2FIy5dKyk6KT8oPzpcXC9cXC8oPzooW15cXFxcLz8jXSopQCk%2FKFteXFxcXC8%2FI10qPykoPzo6KFswLTldKykpPyg%2FPVtcXFxcLz8jXXwkKSk%2FKFtePyNdKyk%2FKD86XFw%2FKFteI10qKSk%2FKD86IyhbXFxzXFxTXSopKT8kLzt2YXIgST1mdW5jdGlvbihhLGIpe2lmKGEpZm9yKHZhciBjIGluIGEpT2JqZWN0LnByb3RvdHlwZS5oYXNPd25Qcm9wZXJ0eS5jYWxsKGEsYykmJmIuY2FsbCh2b2lkIDAsYVtjXSxjLGEpfTt2YXIgSj0vXmh0dHBzPzpcXC9cXC8oXFx3fC0pK1xcLmNkblxcLmFtcHByb2plY3RcXC4obmV0fG9yZykoXFw%2FfFxcL3wkKS8sSz1mdW5jdGlvbihhLGIpe3RoaXMuZz1hO3RoaXMuaD1ifSxMPWZ1bmN0aW9uKGEsYil7dGhpcy51cmw9YTt0aGlzLmo9ISFiO3RoaXMuZGVwdGg9bnVsbH07dmFyIE09ZnVuY3Rpb24oYSl7bS5nb29nbGVfaW1hZ2VfcmVxdWVzdHN8fChtLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cz1bXSk7dmFyIGI9bS5kb2N1bWVudC5jcmVhdGVFbGVtZW50KFwiaW1nXCIpO2Iuc3JjPWE7bS5nb29nbGVfaW1hZ2VfcmVxdWVzdHMucHVzaChiKX07dmFyIE49ZnVuY3Rpb24oKXt0aGlzLmk9XCImXCI7dGhpcy5oPXt9O3RoaXMubz0wO3RoaXMuZz1bXX0sTz1mdW5jdGlvbihhLGIpe3ZhciBjPXt9O2NbYV09YjtyZXR1cm5bY119LFU9ZnVuY3Rpb24oYSxiLGMsZCxnKXt2YXIgZT1bXTtJKGEsZnVuY3Rpb24oZixrKXsoZj1UKGYsYixjLGQsZykpJiZlLnB1c2goaytcIj1cIitmKX0pO3JldHVybiBlLmpvaW4oYil9LFQ9ZnVuY3Rpb24oYSxiLGMsZCxnKXtpZihudWxsPT1hKXJldHVyblwiXCI7Yj1ifHxcIiZcIjtjPWN8fFwiLCRcIjtcInN0cmluZ1wiPT10eXBlb2YgYyYmKGM9Yy5zcGxpdChcIlwiKSk7aWYoYSBpbnN0YW5jZW9mIEFycmF5KXtpZihkPWR8fDAsZDxjLmxlbmd0aCl7Zm9yKHZhciBlPVtdLGY9MDtmPGEubGVuZ3RoO2YrKyllLnB1c2goVChhW2ZdLGIsYyxkKzEsZykpO3JldHVybiBlLmpvaW4oY1tkXSl9fWVsc2UgaWYoXCJvYmplY3RcIj09dHlwZW9mIGEpcmV0dXJuIGc9Z3x8MCwyPmc%2FZW5jb2RlVVJJQ29tcG9uZW50KFUoYSxiLGMsZCxnKzEpKTpcIi4uLlwiO3JldHVybiBlbmNvZGVVUklDb21wb25lbnQoU3RyaW5nKGEpKX0sVz1mdW5jdGlvbihhKXt2YXIgYj1cImh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ%2FaWQ9anNlcnJvciZcIixjPVYoYSktMjc7aWYoMD5jKXJldHVyblwiXCI7YS5nLnNvcnQoZnVuY3Rpb24obixBKXtyZXR1cm4gbi1BfSk7Zm9yKHZhciBkPW51bGwsZz1cIlwiLGU9MDtlPGEuZy5sZW5ndGg7ZSsrKWZvcih2YXIgZj1hLmdbZV0saz1hLmhbZl0sbD0wO2w8ay5sZW5ndGg7bCsrKXtpZighYyl7ZD1udWxsPT1kP2Y6ZDticmVha312YXIgaD1VKGtbbF0sYS5pLFwiLCRcIik7aWYoaCl7aD1nK2g7aWYoYz49aC5sZW5ndGgpe2MtPWgubGVuZ3RoO2IrPWg7Zz1hLmk7YnJlYWt9ZD1udWxsPT1kP2Y6ZH19YT1cIlwiO251bGwhPWQmJihhPWcrXCJ0cm49XCIrZCk7cmV0dXJuIGIrYStcIlwifSxWPWZ1bmN0aW9uKGEpe3ZhciBiPTEsYztmb3IoYyBpbiBhLmgpYj1jLmxlbmd0aD5iP2MubGVuZ3RoOmI7cmV0dXJuIDM5OTctYi1hLmkubGVuZ3RoLTF9O3ZhciBYPWZ1bmN0aW9uKGEpe2lmKC4wMT5NYXRoLnJhbmRvbSgpKXRyeXtpZihhIGluc3RhbmNlb2YgTil2YXIgYj1hO2Vsc2UgYj1uZXcgTixJKGEsZnVuY3Rpb24oZCxnKXt2YXIgZT1iLGY9ZS5vKys7ZD1PKGcsZCk7ZS5nLnB1c2goZik7ZS5oW2ZdPWR9KTt2YXIgYz1XKGIpO2MmJk0oYyl9Y2F0Y2goZCl7fX07dmFyIFk9ZnVuY3Rpb24oYSl7dmFyIGI9YS50b1N0cmluZygpO2EubmFtZSYmLTE9PWIuaW5kZXhPZihhLm5hbWUpJiYoYis9XCI6IFwiK2EubmFtZSk7YS5tZXNzYWdlJiYtMT09Yi5pbmRleE9mKGEubWVzc2FnZSkmJihiKz1cIjogXCIrYS5tZXNzYWdlKTtpZihhLnN0YWNrKXthPWEuc3RhY2s7dmFyIGM9Yjt0cnl7LTE9PWEuaW5kZXhPZihjKSYmKGE9YytcIlxcblwiK2EpO2Zvcih2YXIgZDthIT1kOylkPWEsYT1hLnJlcGxhY2UoLygoaHR0cHM%2FOlxcLy4uKlxcLylbXlxcLzpdKjpcXGQrKD86LnxcXG4pKilcXDIvLFwiJDFcIik7Yj1hLnJlcGxhY2UoL1xcbiAqL2csXCJcXG5cIil9Y2F0Y2goZyl7Yj1jfX1yZXR1cm4gYn07dmFyIGFhPS9eKFteO10rKTsoXFxkKyk7KFtcXHNcXFNdKikkLyxiYT1mdW5jdGlvbigpe3ZhciBhPXdpbmRvdy5uYW1lLGI9YWEuZXhlYyhhKTtpZihudWxsPT09Yil0aHJvdyBFcnJvcihcIkNhbm5vdCBwYXJzZSBzZXJpYWxpemVkIGRhdGEuIFwiK2Euc3Vic3RyaW5nKDAsNTApKTthPStiWzJdO3ZhciBjPWJbM107aWYoYT5jLmxlbmd0aCl0aHJvdyBFcnJvcihcIlBhcnNlZCBjb250ZW50IHNpemUgZG9lc24ndCBtYXRjaC4gXCIrYStcIjpcIitjLmxlbmd0aCk7cmV0dXJue206YlsxXSxjb250ZW50OmMuc3Vic3RyKDAsYSksbDpjLnN1YnN0cihhKX19O3ZhciBaPW51bGwsZGE9ZnVuY3Rpb24oYSl7dmFyIGI9YS5sZW5ndGgsYz0zKmIvNDtjJTM%2FYz1NYXRoLmZsb29yKGMpOi0xIT1cIj0uXCIuaW5kZXhPZihhW2ItMV0pJiYoYz0tMSE9XCI9LlwiLmluZGV4T2YoYVtiLTJdKT9jLTI6Yy0xKTt2YXIgZD1uZXcgVWludDhBcnJheShjKSxnPTA7Y2EoYSxmdW5jdGlvbihlKXtkW2crK109ZX0pO3JldHVybiBkLnN1YmFycmF5KDAsZyl9LGNhPWZ1bmN0aW9uKGEsYil7ZnVuY3Rpb24gYyhsKXtmb3IoO2Q8YS5sZW5ndGg7KXt2YXIgaD1hLmNoYXJBdChkKyspLG49WltoXTtpZihudWxsIT1uKXJldHVybiBuO2lmKCEvXltcXHNcXHhhMF0qJC8udGVzdChoKSl0aHJvdyBFcnJvcihcIlVua25vd24gYmFzZTY0IGVuY29kaW5nIGF0IGNoYXI6IFwiK2gpO31yZXR1cm4gbH1lYSgpO2Zvcih2YXIgZD0wOzspe3ZhciBnPWMoLTEpLGU9YygwKSxmPWMoNjQpLGs9Yyg2NCk7aWYoNjQ9PT1rJiYtMT09PWcpYnJlYWs7YihnPDwyfGU%2BPjQpOzY0IT1mJiYoYihlPDw0JjI0MHxmPj4yKSw2NCE9ayYmYihmPDw2JjE5MnxrKSl9fSxlYT1mdW5jdGlvbigpe2lmKCFaKXtaPXt9O2Zvcih2YXIgYT1cIkFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5XCIuc3BsaXQoXCJcIiksYj1bXCIrLz1cIixcIisvXCIsXCItXz1cIixcIi1fLlwiLFwiLV9cIl0sYz0wOzU%2BYztjKyspZm9yKHZhciBkPWEuY29uY2F0KGJbY10uc3BsaXQoXCJcIikpLGc9MDtnPGQubGVuZ3RoO2crKyl7dmFyIGU9ZFtnXTt2b2lkIDA9PT1aW2VdJiYoWltlXT1nKX19fTsoZnVuY3Rpb24oYSl7aWYod2luZG93Lm5hbWUpe3ZhciBiPWZ1bmN0aW9uKGUpe3RyeXt2YXIgZj1uZXcgTjtmLmcucHVzaCgxKTtmLmhbMV09TyhcImNvbnRleHRcIiw1MDcpO2UuZXJyb3ImJmUubWV0YSYmZS5pZHx8KGU9bmV3IEMoZSx7bWVzc2FnZTpZKGUpfSkpO2lmKGUubXNnKXt2YXIgaz1lLm1zZy5zdWJzdHJpbmcoMCw1MTIpO2YuZy5wdXNoKDIpO2YuaFsyXT1PKFwibXNnXCIsayl9dmFyIGw9W2UubWV0YXx8e31dO2YuZy5wdXNoKDMpO2YuaFszXT1sO2w9bTtrPVtdO2U9bnVsbDtkb3t2YXIgaD1sO3RyeXt2YXIgbjtpZihuPSEhaCYmbnVsbCE9aC5sb2NhdGlvbi5ocmVmKWI6e3RyeXtEKGguZm9vKTtuPSEwO2JyZWFrIGJ9Y2F0Y2goQil7fW49ITF9dmFyIEE9bn1jYXRjaChCKXtBPSExfWlmKEEpe3ZhciByPWgubG9jYXRpb24uaHJlZjtlPWguZG9jdW1lbnQmJmguZG9jdW1lbnQucmVmZXJyZXJ8fG51bGx9ZWxzZSByPWUsZT1udWxsO2sucHVzaChuZXcgTChyfHxcIlwiKSk7dHJ5e2w9aC5wYXJlbnR9Y2F0Y2goQil7bD1udWxsfX13aGlsZShsJiZoIT1sKTtyPTA7Zm9yKHZhciB0PWsubGVuZ3RoLTE7cjw9dDsrK3Ipa1tyXS5kZXB0aD10LXI7aD1tO2lmKGgubG9jYXRpb24mJmgubG9jYXRpb24uYW5jZXN0b3JPcmlnaW5zJiZoLmxvY2F0aW9uLmFuY2VzdG9yT3JpZ2lucy5sZW5ndGg9PWsubGVuZ3RoLTEpZm9yKHQ9MTt0PGsubGVuZ3RoOysrdCl7dmFyIHU9a1t0XTt1LnVybHx8KHUudXJsPWgubG9jYXRpb24uYW5jZXN0b3JPcmlnaW5zW3QtMV18fFwiXCIsdS5qPSEwKX12YXIgcD1uZXcgTChtLmxvY2F0aW9uLmhyZWYsITEpO2g9bnVsbDt2YXIgRj1rLmxlbmd0aC0xO2Zvcih1PUY7MDw9dTstLXUpe3ZhciBxPWtbdV07IWgmJkoudGVzdChxLnVybCkmJihoPXEpO2lmKHEudXJsJiYhcS5qKXtwPXE7YnJlYWt9fXE9bnVsbDt2YXIgZmE9ay5sZW5ndGgmJmtbRl0udXJsOzAhPXAuZGVwdGgmJmZhJiYocT1rW0ZdKTt2YXIgdj1uZXcgSyhwLHEpO2lmKHYuaCl7dmFyIGhhPXYuaC51cmx8fFwiXCI7Zi5nLnB1c2goNCk7Zi5oWzRdPU8oXCJ0b3BcIixoYSl9dmFyIEc9e3VybDp2LmcudXJsfHxcIlwifTtpZih2LmcudXJsKXt2YXIgSD12LmcudXJsLm1hdGNoKEUpLFA9SFsxXSxRPUhbM10sUj1IWzRdO3A9XCJcIjtQJiYocCs9UCtcIjpcIik7USYmKHArPVwiLy9cIixwKz1RLFImJihwKz1cIjpcIitSKSk7dmFyIFM9cH1lbHNlIFM9XCJcIjtHPVtHLHt1cmw6U31dO2YuZy5wdXNoKDUpO2YuaFs1XT1HO1goZil9Y2F0Y2goQil7dHJ5e1goe2NvbnRleHQ6XCJlY21zZXJyXCIscmN0eDo1MDcsbXNnOlkoQiksdXJsOnYmJnYuZy51cmx9KX1jYXRjaChpYSl7fX19O3RyeXt2YXIgYz1iYSgpLGQ9SlNPTi5wYXJzZShjLmwpLGc9dm9pZCAwPT09ZC5lbmNyeXB0aW9uTW9kZT9udWxsOmQuZW5jcnlwdGlvbk1vZGU7d2luZG93Lm5hbWU9XCJcIjthKGMuY29udGVudCxnLGZ1bmN0aW9uKGUpe2QuZ29vZ19zYWZlZnJhbWVfaGx0JiYobS5nb29nX3NhZmVmcmFtZV9obHQ9ZC5nb29nX3NhZmVmcmFtZV9obHQpO2QuX2NvbnRleHQmJihtLkFNUF9DT05URVhUX0RBVEE9ZC5fY29udGV4dCk7bS5zZl89e3Y6Yy5tLGNmZzpkfTtkb2N1bWVudC5vcGVuKFwidGV4dC9odG1sXCIsXCJyZXBsYWNlXCIpO2lmKHZvaWQgMD09PXgpe3ZhciBmPW51bGw7dm&i=1-2&t=adltag_l1kv423u_qu3E5hSq4t&r=40a69d6f93f5d6199d65bb5445e81b8&c=math-aids-threatpost&z=1
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-69.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: D2POxJleIt92FyXaxSi7iRHuNLtujALh
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
etag: "d41d8cd98f00b204e9800998ecf8427e"
age: 45812
x-cache: Error from cloudfront
content-length: 0
last-modified: Mon, 15 Jun 2020 18:35:10 GMT
server: AmazonS3
date: Mon, 04 Apr 2022 02:39:59 GMT
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: *
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: vOeLtPJtMia2OVBGQGe0Ec2Qqxk-nkNR5bl_xmRe4p3-6hfwpo91hg==

POST
H2 200 place
math-aids-threatpost-tagan.adlightning.com/ Frame 43BF 0
426 B 62ms
18ms Ping
text/plain 65.9.66.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://math-aids-threatpost-tagan.adlightning.com/place?p=0&d=FyIGs9bS50cnVzdGVkVHlwZXM7aWYoayYmay5jcmVhdGVQb2xpY3kpe3RyeXtmPWsuY3JlYXRlUG9saWN5KFwiZ29vZyNodG1sXCIse2NyZWF0ZUhUTUw6dyxjcmVhdGVTY3JpcHQ6dyxjcmVhdGVTY3JpcHRVUkw6d30pfWNhdGNoKGwpe20uY29uc29sZSYmbS5jb25zb2xlLmVycm9yKGwubWVzc2FnZSl9eD1mfWVsc2UgeD1mfWU9KGY9eCk%2FZi5jcmVhdGVIVE1MKGUpOmU7ZT1uZXcgeihlLG51bGwseSk7ZG9jdW1lbnQud3JpdGUoZSBpbnN0YW5jZW9mIHomJmUuY29uc3RydWN0b3I9PT16P2UuZzpcInR5cGVfZXJyb3I6U2FmZUh0bWxcIik7ZG9jdW1lbnQuY2xvc2UoKTttLnNmXyYmKHdpbmRvdy5uYW1lPVwiXCIpfSxiKX1jYXRjaChlKXtiKGUpfX19KShmdW5jdGlvbihhLGIsYyl7aWYoMj09PWIpe2I9bmV3IFRleHREZWNvZGVyO3ZhciBkPS88c3RhcnRndWFyZD4oLiopPGVuZGd1YXJkPi9nLmV4ZWMoYSk7aWYoYT1iLmRlY29kZS5jYWxsKGIsZGEoZCYmZFsxXT9kWzFdOmEpKSliPWEudG9Mb3dlckNhc2UoKSxhPS0xPGIuaW5kZXhPZihcIjwhZG9jdHlwZVwiKXx8LTE8Yi5pbmRleE9mKFwiPGh0bWxcIik%2FYTpcIjwhZG9jdHlwZSBodG1sPjxodG1sPjxoZWFkPjwvaGVhZD48Ym9keT5cIithK1wiPC9ib2R5PjwvaHRtbD5cIn1jKGEpfSk7fSkuY2FsbCh0aGlzKTtcbiAgICA8L3NjcmlwdD48c2NyaXB0IHNyYz1cImh0dHBzOi8vdGFnYW4uYWRsaWdodG5pbmcuY29tL21hdGgtYWlkcy10aHJlYXRwb3N0L2JsLTM5MTIzYjAtNzFhYzA4NzAuanNcIiB0eXBlPVwidGV4dC9qYXZhc2NyaXB0XCI%2BPC9zY3JpcHQ%2BPHNjcmlwdCBzcmM9XCJodHRwczovL3RhZ2FuLmFkbGlnaHRuaW5nLmNvbS9tYXRoLWFpZHMtdGhyZWF0cG9zdC9iLTdiMTIwYTUtOWI4NzFkNGUuanNcIiB0eXBlPVwidGV4dC9qYXZhc2NyaXB0XCI%2BPC9zY3JpcHQ%2BPHNjcmlwdD52YXIgZD1kZWNvZGVVUklDb21wb25lbnQoXCIlN0IlMjJzaXRlSWQlMjIlM0ElMjJtYXRoLWFpZHMtdGhyZWF0cG9zdCUyMiUyQyUyMnd2JTIyJTNBJTIyMS4wLjAlMkI3YjEyMGE1JTIyJTJDJTIydG9wRG9tYWluJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZ0aHJlYXRwb3N0LmNvbSUyRmdvb2dsZS1jaHJvbWUtemVyby1kYXktYnVncy1leHBsb2l0ZWQtd2Vla3MtYWhlYWQtb2YtcGF0Y2glMkYxNzkxMDMlMkYlMjIlMkMlMjJjdXJyZW50VGFnSWQlMjIlM0ElMjJhZGx0YWdfbDFrdjQyM3VfcXUzRTVoU3E0dCUyMiUyQyUyMmF1JTIyJTNBJTIyJTJGMjI0MDQzMzc0NjclMkMyMTcwNzEyNDMzNiUyRnRocmVhdHBvc3QtQWRYLUludGVyc3RpdGlhbF8wJTIyJTJDJTIyc2xvdEVsZW1lbnRJZCUyMiUzQSUyMmdwdF91bml0XyUyRjIyNDA0MzM3NDY3JTJDMjE3MDcxMjQzMzYlMkZ0aHJlYXRwb3N0LUFkWC1JbnRlcnN0aXRpYWxfMCUyMiUyQyUyMmFkU2VydmVyRGV0YWlscyUyMiUzQSU3QiUyMmFkdmVydGlzZXJJZCUyMiUzQSUyMjUwMjQ1NjkzNzQlMjIlMkMlMjJjYW1wYWlnbklkJTIyJTNBJTIyMjkxMDkwMjM4NiUyMiUyQyUyMmNyZWF0aXZlSWQlMjIlM0ElMjIxMzgzNjQ3NTY0MjElMjIlMkMlMjJsaW5laXRlbUlkJTIyJTNBJTIyNTc5NjE4OTk3NCUyMiUyQyUyMmFkU2VydmVyJTIyJTNBJTIyZGZwJTIyJTJDJTIyeWllbGRHcm91cElkcyUyMiUzQSU1QjI4NTgzNyU1RCU3RCUyQyUyMnclMjIlM0ExJTJDJTIyaCUyMiUzQTElMkMlMjJzYWZlRnJhbWVLZXklMjIlM0ElMjI0MzU3MjA2MSUyMiU3RFwiKTt3aW5kb3dbXCI0ODY1MzYxMV9tYXRoLWFpZHMtdGhyZWF0cG9zdFwiXT17fTt3aW5kb3dbXCI0ODY1MzYxMV9tYXRoLWFpZHMtdGhyZWF0cG9zdFwiXS50YWdEZXRhaWxzPUpTT04ucGFyc2UoZCk7d2luZG93LmJsb2NrZXIgJiYgYmxvY2tlcihcIjQ4NjUzNjExX21hdGgtYWlkcy10aHJlYXRwb3N0XCIsIFwiPCEtLUFETF9XUkFQUEVELS0%2BXCIsIGZhbHNlLCB3aW5kb3csIHt9KTs8L3NjcmlwdD48L2hlYWQ%2BPC9odG1sPjwhLS0gSUZSQU1FIElOTkVSIENPTlRFTlQgLS0%2BIiwibWV0YSI6eyJwbFJhdGlvIjowLjAxLCJibGFja2xpc3RTdGF0dXMiOnsibG9hZGVkIjp0cnVlLCJyZW1vdmVkIjpmYWxzZSwiY291bnQiOjk0NH19fQ%3D%3D&i=2-2&t=adltag_l1kv423u_qu3E5hSq4t&r=40a69d6f93f5d6199d65bb5445e81b8&c=math-aids-threatpost&z=1
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-69.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: D2POxJleIt92FyXaxSi7iRHuNLtujALh
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
etag: "d41d8cd98f00b204e9800998ecf8427e"
age: 45812
x-cache: Error from cloudfront
content-length: 0
last-modified: Mon, 15 Jun 2020 18:35:10 GMT
server: AmazonS3
date: Mon, 04 Apr 2022 02:39:59 GMT
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: *
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: 5RWtN1g1tnegClsfgKf5Wn6UF4Vg-ybaQpJBLSgvzu6BaHBu9pQ3Rw==

GET
H3 200 css
fonts.googleapis.com/ Frame 3AA9 8 KB
892 B 54ms
28ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 15:01:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 15:23:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 15:23:30 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3AA9 2 KB
904 B 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:19:41 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 3AA9 19 KB
8 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:21 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3AA9 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3AA9 119 KB
36 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:30 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3AA9 15 KB
6 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3AA9 0
0 26ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8gepDmRHXGNj7UzUwXZ89vem5AT3lNgxH-QIGIQkSChoDfAEIep4aKKEMT1I5YTMBaVAk38Vuq4L_MnZKNCOCFI9XoA
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 dfa9fdc9b45632ba17ba59fe64d4dcb5.js Show response
www.gstatic.com/mysidia/ Frame 3AA9 29 KB
12 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dfa9fdc9b45632ba17ba59fe64d4dcb5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 11:21:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12015
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 18:36:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 01 Jul 2022 11:21:33 GMT

POST
H/1.1 200
OK sv Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 109ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/sv?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:29 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 53ms
52ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022032106&jk=290203956529752&bg=!VValVhLNAAZku-1yRLs7ACkAdvg8Wt1l0rMHA4Gu4uuTFPSA46gC2HZmOwJAdKONoOhHvcXA2bFJfwIAAABZUgAAAAJoAQcKAFnzJB-kXPtDhGrafXhinNgYBmF6gr17cceTdTRS5IJeZoJVE5TvbGg9GYzzZpoeAiTlCYBKY8wQfmepSKTq-9pKrhz0S3TWDEi6osuWCAOkUaoVcK3rFMfoXJkC0VQFAY5mHa3rjq9TfKrO0m8hXnD2KXfNBKIfuF7r3drpJOE0kYKsQ1tl_oNFBcu9WN94Y6V8lqsVhBoOmo87oZHofYCXRLPvMWX_UNk-A-Pz829G9Irs_1Z0VxhURRbtPLgzz6pmS2ULh0sXyQdG8r6ipao5wanuMqrRdPXO6iwfph-bGC0KF1GSQXctGZvZnpQEBjhCSjcEOPh04B5ouaEC0EO8R5HRUOaUGn7Qg91f-NLGSasMAD33JhsM9G2MZytScoZbNZZcEf9HIgjPVQEDItjK3IxwmfnV5qkc-HRmyFImRPkqnz399T37HxZRVpL06yF2woS631N1MoS9u-QxEt42aFA4vfeOaEM-Wq4YfLWgRrALE6612vuxJ7bFURshOkcnooGEr_ExMQxzFumlHaXjjNdqAhaOMGLmLEOEYJVnvCprYj8o6nlmWpWALib-G1JUu3rx6bG2K-C7z9bn51fJFfoW1r-BWbymUnvdvHovEYZ-QpyCNlx9UduRHCMrMhFq9o4GWS8BBaQMTyvCpErICf9A4HpxMUMYI3U_qh9UYA8j8fnrdoAM9N7_mJyT4AgS-I2K-H2totVp9QJMx2iS2JQNug_uz6sMlucyvflNO6eCkx79_fvIHzs_Bgpr2r5eFvLKaBbG9ceC4OQujTMGYeXdsGBrR_dkf84qIxfmQoqrzD4TQdPIKQLv8EiQunIUIi5SUAOCZvi-hTVTvXhrPtmj9V8kPO5wJ7aH_uQv7dsTzLIxiV4G-bwmN-dDTOEfvCF5S0zTnBK5qHmsRVtcdf9PUvwvFcL2Yy_cs0vLfOvlIXU-o5uLGT1hy7_H96QZy7qPPAr3O-ExNEeXBxl_t6Rjp0Eh6S3ROAEQUNbqQp5QgIYvVFxijiNAkSOY084Jv02VwIAYl_RUHagscVyMceNI612FhjUKf2RMe3jNo-r0G9UTPOGlcIkIIHk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 4357 170 B
502 B 67ms
26ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNV1lM3i98qKgxtwNkrLLZ2G24cLJ90wA3DLT3G4XVxWir0-LKKjPRiLRN23FyUSkrgwGIbFoHjky9K3Lm74cyP_C1iKjnRbv8n4tZssdANj3-ziFak

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4357
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0

43 B
1014 B

25ms
23ms

Image
image/gif

23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNV1lM3i98qKgxtwNkrLLZ2G24cLJ90wA3DLT3G4XVxWir0-LKKjPRiLRN23FyUSkrgwGIbFoHjky9K3Lm74cyP_C1iKjnRbv8n4tZssdANj3-ziFak
Protocol: HTTP/1.1
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 15:23:30 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 4357
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAA

0
0

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame F128 170 B
232 B 79ms
41ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNV6qefQOhiPs6_Yo6V6IYXpX-kU_DF_XhBiUBIdDP9wtyoevKoGBY5FI7Vva0LzYCjdEzbCXgBPrxvL2xtwiLy5Qbau3Vytw_Y-2JlTEsebd7YWozE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F128
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0

43 B
1014 B

33ms
28ms

Image
image/gif

23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNV6qefQOhiPs6_Yo6V6IYXpX-kU_DF_XhBiUBIdDP9wtyoevKoGBY5FI7Vva0LzYCjdEzbCXgBPrxvL2xtwiLy5Qbau3Vytw_Y-2JlTEsebd7YWozE
Protocol: HTTP/1.1
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 15:23:30 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEClFc2DPTgNTMjpvCu-jGwg&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame F128
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAA

0
0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame BB09
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIlJeqKtlwOY6iWip9Yozqc&google_cver=1

43 B
1020 B

24ms
24ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIlJeqKtlwOY6iWip9Yozqc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV3RLWqTTI4GmOVyH3X4jtSB4NwOeE8hJ1-nOepw-NpAzpAHBLwhesNXCzBeOap7KpxW3Kq1LbhTvH9CPkuGnD4yPq9r-f3V4TpEcAJCmQEYRZi8Vc

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:30 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ae6087b5-53ed-4a60-ac48-17df34bf6773
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIlJeqKtlwOY6iWip9Yozqc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BB09
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUxNDY2MTg3ODUwMjAxNTMwMA%3D%3D

170 B
0

55ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUxNDY2MTg3ODUwMjAxNTMwMA%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:30 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ca8b0bb9-8a8e-44ed-b93c-72dbd2b05a13
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjUxNDY2MTg3ODUwMjAxNTMwMA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame BB09
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1&gdpr=0

43 B
61 B

36ms
36ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV3RLWqTTI4GmOVyH3X4jtSB4NwOeE8hJ1-nOepw-NpAzpAHBLwhesNXCzBeOap7KpxW3Kq1LbhTvH9CPkuGnD4yPq9r-f3V4TpEcAJCmQEYRZi8Vc
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame BB09
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDNlYWNmNGQtZTkwZi0yMzQ4LWQ1ZjEtNTIyZTg2ZDc1YjJk

0
0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7421 41 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2130 41 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame B5CC 106 KB
0 47ms
21ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Origin: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2507
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Apr 2022 14:41:43 GMT

GET omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame B5CC 0
0

GET abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame B5CC 0
0

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 7421 42 KB
17 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Apr 2023 22:14:55 GMT

GET
H3 200 s
googleads.g.doubleclick.net/pagead/drt/ Frame 9A16 0
0 21ms
17ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 976
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:07:14 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 impl_v85.js
www.googletagservices.com/dcm/ Frame 2130 42 KB
0 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Apr 2023 22:14:55 GMT

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8DDA 0
0 20ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 2D47 0
0 20ms
19ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;ord=xhg51e;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ2xNcA1LYoLAK9Dug...
ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/ Frame DD1D 0
0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 69A5 6 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C8AE 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4DE6 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9471 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:28 GMT
expires: Tue, 04 Apr 2023 15:23:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 69A5 46 KB
19 KB 18ms
17ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225352
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: PFsV1LbOKxqFuxwjJceRwhDHzt1DQeyqUjfu2-G1bUbIeyEJBJmvBQ==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 69A5 73 KB
28 KB 19ms
18ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963881
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ctlpMDEc5qkgyzBaX6nreX5UrbYKCv02eevklq4qtXRDNWnayUkhig==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 69A5 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AfRyXKaNgoO_R3Of559Er0P_wMJbQvgcFRPfGlE5pMYtruXwddfcevGKxL3URDwVRE-Io3iOf1HfoB74D7EuZpW-6Bugng9QoQGdTG9o4X7KW4Anw

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 69A5 11 KB
5 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:19:27 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 69A5 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 69A5 119 KB
36 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:31 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 69A5 15 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 69A5 0
0 26ms
25ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRZvu4IYKKQImphUGfApo-8nm6fXPkxdDcvMWD0fzriPfQyV7IIKCuAnDjsEEchIIdRziUuNB_5e_D53a9F7xPWEAJ0NA
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame C8AE 46 KB
19 KB 19ms
18ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225352
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: pPGWiqmRtWgTRNkBfgUdtruI8S6gZzmvve1q7MJcm1UuD9JPkQYycQ==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame C8AE 73 KB
28 KB 19ms
18ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963881
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ozkan54SH6s0uZs688tdEjoNJZ4CnxALJtWkDpiPV3oxkZ6Cz-eTOw==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C8AE 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CWUU0WtHwMrb8AmM9dScMTsqDEWltDslEt1FW4OdPPjqYOK5suZqUNvStnwx8yt3n2BRcMzHelvzV05SBujLBvXotUyur02mmNHjIxTKQvjAwMYD4

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame C8AE 11 KB
5 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 16:19:27 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame C8AE 2 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C8AE 119 KB
36 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:31 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame C8AE 15 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4DE6 46 KB
19 KB 19ms
19ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225352
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: cjru8ly9YGb_Zh-pW5JExVYZ0TkCfu9yAsKgYAa6PX6GgYoERYbqAw==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4DE6 73 KB
28 KB 20ms
20ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963881
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: H2LM89y8S01eACf0H9OP921HPT75GB-IVdii1tIITGj32m7XB8xqBQ==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4DE6 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C5eZ6qSpxOzn0kEwYfznfcbFVbCvjNYWYMz8z4UAnByXTHwVcRnKmaQuhkntdiuve6_KyZ3C9yJ4TO50bqWRh8Ogs218FwAQBMS9mW5zU2sxxy-Rk

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 4DE6 2 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4DE6 119 KB
36 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:31 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 4DE6 15 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4DE6 0
0 27ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSiVhOFl1AbpeOW2DWK0-mZPimYSxa8wsDFLFWYEeS2CnfE58HAyVZnqN-7MSOXME0vzE9dX32_GstGQcPnu9XHvtzHOw
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 9471 46 KB
19 KB 20ms
20ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:47:40 GMT
content-encoding: gzip
age: 225352
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 9dGSyo17hn7Ls96jQvJh3YDYukcJY3KUyj80DwE2WcXv6Qa3hdKqQQ==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 9471 73 KB
28 KB 21ms
21ms Script
application/javascript 65.9.66.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-117.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 15963881
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: BBFPO3vqia3Qcn1z9a89lI8SRgyjlb5S18Ul5ijifwISuFTo3WkFAw==

GET
H3 200 css2
fonts.googleapis.com/ Frame 9471 4 KB
634 B 29ms
28ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 14:03:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 15:23:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 15:23:31 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 9471 205 B
229 B 19ms
18ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:38:16 GMT
x-content-type-options: nosniff
age: 63915
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:38:16 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 9471 604 B
628 B 19ms
18ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:25:50 GMT
x-content-type-options: nosniff
age: 64661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:25:50 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 9471 19 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:15:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4096
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8226
x-xss-protection: 0
server: cafe
etag: 11792478805792993122
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:15:15 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FA31 462 B
253 B 29ms
29ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNX1RWWT8vp13clGEZMCSPnfYoxcAt2F_DuAowFyKuhk8wgvw2hYe39DUgpgN4Chkbk_QinO78Gf5hgYPb_rtSZzfvwmYvlpK9UfwCIHMZDOa8_hmFM

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89d538c36cf602eba0a7634d92b4ba8fe05a79bbd7c2721f490bcf993ba3ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 232
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C8AE 14 KB
11 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CFSsfEGlu37dPzMqzzLKtZT9yy7lNg75z-EOBtKcR8wzgW1_C-ociAnWB9ckp5Ggdp4vHkVfVKK82bhS72nW4tZGDdW5kaJFo-_-E3S2v2v5Jd9c-i-RBWsxtLB8JOAX4SDSLPKjXd8tdbmZPJ88lfeDrQIQ&cry=1&dbm_d=AKAmf-AfrSS5YCOrDXp61r2Fp4Rbg7ZyV2NBqYHPoAS7vQhp6utQOZOzLCVHz7mjHxB1oJVO7PeCc_rImTK11s46Ui_UU2fHUMxi7PFJ50Glnx8V6bPc9KuCod89FebzcKNlzy1WA4amKpAJ1eQBpWFWHXOFnc9AEwcY8H7fcCmZK82ISHJlPYnCfFjf6GTf4h1Ww8XU4uq-X-f2cHXnqyoTOz_7SgvolCF9r-b_o-AuJCY948gMtqsdWtvU8unQVpJJaLp1_RVl5oLopdfEt0bTVzPG-ol6YZkqwgY-RT9B94V62zUi0apuobHpt_ixBlgRvKiqLR8fchrBl3VBFWkLe6X9LqoHL2Z1twI2PUfNrgcp8_exr1mbAz69wM29dpX4chubsol07duqdCr06pKCZi7LvMczQaQDGNlpwlnTfnhY_6yoTM3XIrlcGpg_n-ddn8ZWLHhdSMqCZoKHBEUks0PFUA_IB7Z7ba_u5TEhGpcqli90-dHGfgROJGVAciv1GiPGrg9Z_11FxbU6wnSi9nINBSaE0glt7WcuPDdT0CJVgsclxH5uFznWRuMPHAhaiReQxwDPX4yWrp4eMZYhOX3t9Mz8mSWolOiDuQENVjNhVVzMX4XcK0e5Uz977oF4uSJoIQnoOjsKfosppR5rL1pyIWWljMuzFvn2vgF7oZONfMFy0rb4aeOucjn8LWJ6j6-GtpPyyRg1-OeE0JiNWSQz8HGkHKYKaBxTlNr4XZjL78qp-Prc51WX5x2jASelvHcq0j_k2A6fD89fBkvcU0TbbxTuQ_Me6jR89lrtGil3buhTe4xDeAzNlrwiOuMPLE_aQE_p1ultbZMCCVtHW8olEGjkqlKQ522XnflEoskEDHJiYr0FpEszE28zZbcWQ0upkQZEf8Cb5xu5F4UUNyNIC_BKQK95C7csDRtRGzkDRLI5trNqaJXZI6ij7iGE91e1O5wE0xTnr12f1c8k71597UCzNJJShl4Mb8dmAtSkDS6HT0uL3mLC6D_ltSPPkV21BrpxuKmf3fyNLIvC8vW0avjHCksOsOgB8txQ7BDfOOZkTcM5V6SLqKIr22RwRVTDxNJdTmhbjsj81G0VOLmUy7OzcVYCKev_BHiOBF_u98MlGlDElY3DQgdygTdC5V4rDuLsaMsUigsjxMCH2J_LwKPZQQKlWuyI2fKRI_gY_2p8fAKh7devJHhobS1HMbXnPWNkGYdZAPFcbXDh-vyKCwqb1Y00wsoqVWD6CQnNv2xzjVpWuQJHQlcxl6X6RqByqH64L61jzZ5CkhnrgA_qpwAwzMwMqTtYNhCxL0MU-qw04xCUhxCfHgI10Iz9EXbLGpkTDGdYacLkyzqX82HX3Un9nU7xrxk2f2l5NgQD_ruxutjD3xWWZFEQKqTzBgpzT66Fdc1LQfskwg-FwT3ee2ICw-EU3FbthPtzhdkKtY8XhB6FlR-ET0vuP2Hr70Z2Yy3Ozk5AedqEyEXn0QM0Rt_N1KNaqt1lv0celhQAnBMUf6LyNbTKSocs8wZ1D40kUAvCWKFCO7hHD6jNSi8Bo-VE-0Z8loyw7M17WdhGtVtuSsSK5qV8IxC2H0QdhPJc4oLPd9jUcPMzVmHnIia9NNbLlnT08IbF2unik4KxedGkzMllU85Hx6hWddOD5Ggy9ynBilWr7P4Lgrs_PnlLWHlNu0xqUKhxcRXOIGPoS-uBBJ7XVHtSe5wSUN1TNNsmJkbc_s-Y7meozIqzslRVr-p57dAxvVMa7JfonPj-E0TKz1uvnFZR9jyA8xAcGgYwpv87hDfuZ92NNsS-q1dCerHWJJ3JuRm3zUxb2KTT4ESjTwx-QQE_52qNm8eX2uEmwj5zc4f0QEgx1bD9T9xNq2ITwgZF0FhKcdKfG_H198DcoMu6qysvUK0ajtvcExGA372zPu48Zz3P5ZLFddSdrI2XcnY7LQhy2Ve9U9Ei9Z9BjgXhQhNAc1FU8tXR4vI0HM1xlGgprQ9SdDkBr_2myXoZroM-jBXiofjPOtsEeH2lGW_3q-4g5ZGt2Xz8cz-TofZ_MctiiUCPyGUCMtU2SA2q6-xzb4bEzrKlz8f_y2ybSXk59u2LsYBAaEZ2moNfsrrht9YZ_35iHZ2CgvOxvFcS03JH5SW8l0wsiHMURGvwpVi8pn9ssU3CHJ8LjD7RzQThY4Otao5Kch1IHR9Uj6AIEe7anJC-csn8Od3MFYHMAJvR1ZZ5siAHaugnqdDiiyUU6KEDiITr03IG3My4T1CSlPl9zQjDJMOWRMHYvk7VPEiEdls3hsytmsQ9RX5uAIH_dgPogfWAYerIHywdnas3A8oek8-XF1LwOTwtUpTQ4o9sJPSSEg14iONpc9Lj1kB_o2zbiCiMmOcMNdlHoW68vhBq9ISRqDgOw56W5EwCVZNeekpm4dH8p8UW237srOuZejnF-eL8jx6C8UsH1SudpqGZqH-89OEfDcCNv2GZYD7Z49pMrlwuRcoqUdoOkvZeR1z2ZlhWthbIlMUV3XNCbFUqFrZwnQxy-AwV9q5bhNkakZk_3OiIB7xLbaThOLI3N9rrzAlEO-g02agJRQW3UaXdqonHYgtNQopx_IBiv5JNvSEImIsF8N2p60URS3Yehb7Tc5w3yvwXFadmvWTVAjtuK4bMP730X7_uzRla7uJmG5Fq4WEclJadMrhnhpgmGqRoiwD6xraqPJSd5E9LRG7uggSk8dX2wtz1B0vmxdqI5b1EZtv1-4f9g4wGaVhN2uR7IdD1Vi8FLkJ9K-2HlRnyG7TqhGev6mtWMJZPnUViBr_ZbnquxeaksnAkZAD54v3oVwL7S7xwTdWIEmvPyI09eNwYmQcpjNGOzX-orX2ylDbAThj6ZJfDUSN0nyTOHIR53R54_Ctbc3X2faKro1lI0YoEiFLzSLza7sdO6Z9WGjfiBcPzkevaay6THAXCEWgsPMX_Ni589uB6P4H9KhsV3I5mJJfnWF0gt0IPAZmrZRj1y95inYKf9BuIqxwTokXpLGpBUiodFmZoublpqTFA3HWlLpJEayaa1dTmPwXP_9jX0tmLOasyGKGaysfc83ESlda6VqS2r4uPWn929-GHstJBYNbNXHBTlvH-1RBKlakmRbgOUBz7REAndxRr9JVbindBkXwaXQLKJuS0_00-kilnHMElcvSXoD9w_wib7EM5LTaV8V0haEH4_HKW39-UweXI2_QoE0ilLD7QXCMzQKXj0M5unh1Bu9gWOpmNq2-8WaiaPlGkbapY-pYDkiRyB4g9wSTH2vUG9A6ZnA&cid=CAASJORoH_D-AVm3-lMEVFXjguhBCUzQ31Op7v_EJUUO1D6gWwUPNw&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a184671c97c60a8bc92aa2950c751217f5a3be42ebf19333ea3b566aab3612e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10910
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6743 8 KB
892 B 26ms
26ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 13:39:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 15:23:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 15:23:32 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 6743 2 KB
904 B 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:19:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:19:41 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 6743 19 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:21 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 6743 2 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6743 119 KB
36 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:32 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 6743 15 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6743 0
0 27ms
26ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSzaAEMym2a9qSlzLh72mnTjqqz0wdD2LcQDP97XKwbnYRD4mlv6s83iKMZcQC5_pm_dyO-ZAD3MlldccOIZ63JpuM83Q
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 dfa9fdc9b45632ba17ba59fe64d4dcb5.js Show response
www.gstatic.com/mysidia/ Frame 6743 29 KB
12 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dfa9fdc9b45632ba17ba59fe64d4dcb5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 11:21:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12015
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 18:36:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 01 Jul 2022 11:21:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 041E 614 B
319 B 29ms
28ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV5dI76KvFaX0L2r-4ewI5zbwJd0Qb64Nkiavc5_oNLO8SlFg_KAbbsPGpbI5In3QfitjA5FPVHgdLC7zYfqJTMGPY604gNfaIcmeoV85P2qRjFJOo

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9377b8af573396ce123e5b2721d3dd004abdaf9b5d590a6f83bc645326350e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 298
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4DE6 78 KB
33 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bo8V5gVq29yUgqFhYDeFyZApj3ofE8abnFt3jEQrS4J2_4atQxF6zcBo4o9OLHGjxBUsuRGWgh-AQJZvHSJsQW77Y4r_M0lU8cDtUl5ga3dqYJP-E03CmUL9hKHnuLWbZfyK5noLLnJnAima9M59AGpOuONw&dbm_d=AKAmf-AwWGdRWI0eTw066V5yeWw-w-wGaXoecKLsS70f3xwuaQdHVls8veUSmzO_6KHf_L2MozK47Ob39NFvvl92S60a9PAPpgfNDDbXsg-GVDiiCGTWAzrwBAOnq4uC9G1i6GXN6CJ5lgW0_UK0HlNXnQbtoZtagR6o7A0GAHlwi3mTUVuOA8hKOv_O67jxkbhQh7SQRlz2av4_fx_3HohWjewkN2uvFADumpPjFe7EtMvUswcd4hHIqGu_Uz5pQ2Q0JHxYB4efzpXmOmbyapwgtUGWbxRt9KJ4UXwfkezEZZi9SxuAvhV3YcTj5V0J8GQkgh9jRFh7tOpERebW11zrMos6s7bYG7Ajjj3F46z5TWh5REsdSJ7nBXPWkvHByK__XVN4llkmFDmKh90ym8fw85CWsLu_sujtxyqt8x4aG3GXNVuidai33G1tbWYQcTKh2hUHImcrPF6E7raKWhShM73bhhyM-m6da4RR9iGi05L49jXUedmthhxeONNtpxpyAld0e1OtVtGO7ICOUAZV6l3Z5FiW5KwQ_2iLssQPWSCnjjbIObhFMgaeuH8ZLVchylds59s16K-fiVxXYJgbgnAPz58hyz9Y60u-I_oKwSdbcYL5TZGcLTtz0hCfUonPw1Lnu6ucv7zAXQCmSVlJWontlTcF0VHv8yrVrTuyIWl5d3bkxiNVGCn3Zp0bJZfL4puLXUEqBwSh1AQguDRcLcxmWB7hybwEASVjL5CCEaXIU7W1cf8TWxvodec20W5EyyY8kfPqY1MrEAbrvX_smnbxaf_nYL7kT6vmWMtD_cKiykAA3oiT8xTVmgkZg4Goe8UQAvII8slH4eu3iJk1pxiauAJSptWvXTsqd4W9Z99Y3Dr52RtpWLq47Je-yv9MeQZMFuFQCEBnvTijVsmR7eBKQvH-aVqU_EwPup9VEezYxTyS4fVNcHqKfUSzBGVhASofjwvVXK-TcZsMjW1mlTJieYZ7iETQbG8DGCrA204ejZDoGUtUjinkeYh9dHKyDzvzRgcJWbtJmGad9CKj9OF7vxsyjiS8lMIXFkVF8Mozo-F-GV19ZpwPHMx9gF0XqO2zyqsiXIL4ZeNy3ePk6sjzvzsSa42XlH8X91YszEJNS4XMQVSmiiuYhx7e03NgE5-nXH8aCTjSATxFsMNmzBlDhbfXvjiOJ2nzJO0E7p6ewThnw7Q0LLucuxlKVGL3vjTvkruFV9ZkUlS2jhHYS3Ma-tP81yyvb7CMg4gfa4OVi61tjfpfZzyhCgTLI319F1r3aW8Xcerbja1EFI7KXlzKhqOL-aztF76X3AKTgfaNLO6PRhNm3dYnBVdkMB0S2L786a58aytkSh8W5pSpuET0EzVJoeJUa5x6j_rmHjka3d5WXue6H4ONfPNExDNdqCVR6WJ4jXHDZ21F-wn3fhooG6lWlGkQOqUoo-sPbr-_xrnKFj4Bd8arDk9wXKwi5lx3AWD2efCg-Sdy283cIL832JJKqhtNt5RPXJ-_RYgkZtO2THW0tgxOztJG92GGlPAEU3hL-ABR2uBU5nNDb-nGAyPbwsyotQuNOyiRi8zg0jqrInPvOpiMps3RZQSeTxNGB1RocBJyOchVWNs2O9zmBqNCyjj6GofgIouFQqh6OxUbyEGrU4-yxTq3USfwpYQK0L-bkIs4qeHEeW30UczFVRjUX3tvnanjHRnfHbkitoi8FQlwxzbn4sek9FpY5bUIVM4mzizPxt6KuKtlx6hLTM-IDkW1GxM0deCSgwz5uOvX4qAeXrJy7KLe9vg27O3S8BmiX93Ld0IWHChz-HjgoYDzdg1gyW9z86Izop26VzS9DLMoOFKfJVTOmW0qH_KqjS6cWxHNdWuYXQxxTCaE89DnBVki-VUbnal4gXxw0PWSmMJO91wRr6Wx9Le4qfnZho6hgwrSPxpORi7qKo8veCFSUnDBC0X3JcVfZ2SHdSOYfb2a3N5iC5ZC7YEKEyMvWvwWzbzdYezBAfxroZ-Rj5FMETGdw73jLTdV7xN56ml-cIr0rzxibFqR42clm1F41LfnVfgL0mCxB2RTdWOT9Ess6cFKWA6reQ35GUFoK9u6LawHUFc_pVqMntDd0l-Z25yMmdkT31D8HfTLgM2LvmucK3DqOKpakulUP_5Aikx0ePVtmZ5nIO6EwNLVvI2qJwxLdsIxFMCwKb5ci46dt0y9Gj1FCRY3IwNC7Kop8Uyqe-Ez8FZGC3-N9-Us0_AtSnJgS09XR_PvCeeGLc_RIr6rKTqryQJ68-LFf_265lerfCnwn8jWCITip2UZACTZQI4LjQt7l5nvicHVBbYePPMmAhxo-lH6DwrIzWHqVeZGuX_NMF6S7x0X5wEXX_sUHAmZR81FYoH2JzusfoyHb-r5dduu8AMfUdbJZGMbIVFiOlJ2itDtHvw43Eobly6p8nTO_iRelf3pTeiygnZGoLBTM3YjlLpF-GDE6ya-iBUhZFQJATF9hpmlGJiqeh7RBe62mz5cDGpMcI3dfxzG0kMj3mbGoSDhIUAS0SBn4FVhm0jVtfrgYdLmP2kLSfDb3eoP-WFD3fGLsuLzKHmFX8zt3alJ84u2P6wRdg2POv5OkT-eB78aKrg02wOyRh6UFbQ4MsoXs0UHR1nMEgeMbPE5Q0gWEQGU1HkVmTCmZLDqLqsNnyCUMVUzGk_-KejXM8vhPR04P8vgu1OIMKR-Zo3yxpHqux6xU8jL1VNBvRQNdJmcsxY34K5Aiz9KzZ70uWT5w5uO5wYJubjDMHwQZaDOIJB8p15933g4rXi9uDdyb3kW41ezidbjB38GUyWOqUb0xapmcLhLoV82v__uzpLOZ35NYceYRdfhqIw-qev_Ukfbp--d7dUa5FPsIyXdmjWMyFKXyfWM5ezcjXiomTS_agPPvsbnFDLjBY6uedG_ziKV-ttW2EpLs7T-wXkV6OADPJchsU_4T93rO3BYyoM1jTAHA-9V7Qydo5IrKcbGTD8d19K-t7rGlmeuX_tFwk5yDqGy3VdO8Vlwk_VMbu-BU0k9ZcIiXvDafFU2d4myny2dopnaWWAnV6zXDjVEF5g_RsS8UCFaMM7zMaxRHlykiTCgQh_u65bWcJvsjK1Sa0yS8OLTWw-rr_Y5rUbZCIhr_XTmEOGCOyUZSGNh_1I8FATc4smTz5NA4JclQNaCuIO1MsRBKykj72Jk6jTvC18Vxgda1eLpvbj_jomufe1-O88pXNfr84kwcg1mVcHk7_-gUH2C7jwJ3hY0NxRU2hpooDKKfLpRw9-ZvM1WNLptXS6YbulwtkH0Dt0y5ECddJ26PEcdxUC3PvhOKRv21rXNjfbs_sLjAI4QN9GwtgOdMKTvsgwM8MYkwwxw_jv6lLw&cid=CAASJORo-uLnYlxHXr3Ua85HmB147XYiGcfv9LzTRGItb_176nswFw&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ccda7f7ccdafbd9a5875d1b3372b38ff6dcc6de393cd99e1834ac18e5fabaaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33248
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 99ms
31ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 04 Apr 2022 15:23:31 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1681
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame B034
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=a1gJuHxHNU9NYTZMdzJVVyt5TG4xRDFTNHd6dkZCTWVDVHVGTGVXeHN5UzBOZEtTSnY5ZERNYmw5bXZhd3NBQ01iandXUENuMUZzQjk1ZDREVmVUMkxBL2pPeXZwWTFkekE1WFYwelVld2ZDRHJOZ3VmcTdBaGFUYllMaV...

355 B
621 B

89ms
31ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=a1gJuHxHNU9NYTZMdzJVVyt5TG4xRDFTNHd6dkZCTWVDVHVGTGVXeHN5UzBOZEtTSnY5ZERNYmw5bXZhd3NBQ01iandXUENuMUZzQjk1ZDREVmVUMkxBL2pPeXZwWTFkekE1WFYwelVld2ZDRHJOZ3VmcTdBaGFUYllMaVNMZTFxVlB1SFNMYWlhaGVaYkFnTGJ5YUZ1SjV4MXJaL0U0YWJqN3ppZEtLZGZxNk1ZUEova0JMTFJ4YnBuNER6U2RXT3hTTTNLNHJkc3hnWVVCbGEvVzRUZ0FSQi83T25qZjRkc0RNc2hZRWtWdEcrWlUwPXw&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

31330c5a5574b4c0c22dd5852c22b66f253faf0181f9a2686e26990e11993e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:31 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2928
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
location: https://mug.criteo.com/sid?cpp=a1gJuHxHNU9NYTZMdzJVVyt5TG4xRDFTNHd6dkZCTWVDVHVGTGVXeHN5UzBOZEtTSnY5ZERNYmw5bXZhd3NBQ01iandXUENuMUZzQjk1ZDREVmVUMkxBL2pPeXZwWTFkekE1WFYwelVld2ZDRHJOZ3VmcTdBaGFUYllMaVNMZTFxVlB1SFNMYWlhaGVaYkFnTGJ5YUZ1SjV4MXJaL0U0YWJqN3ppZEtLZGZxNk1ZUEova0JMTFJ4YnBuNER6U2RXT3hTTTNLNHJkc3hnWVVCbGEvVzRUZ0FSQi83T25qZjRkc0RNc2hZRWtWdEcrWlUwPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2008
content-length: 482
expires: 0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 58E1 3 KB
2 KB 87ms
15ms Document
text/html 23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:32 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FA5A 15 KB
6 KB 281ms
35ms Document
text/html 2.20.85.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-85-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=37974
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:32 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 01:56:26 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E389 52 KB
17 KB 68ms
22ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 35350
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 04 Apr 2022 15:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 01 Apr 2022 05:34:16 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 695652
X-Served-By: cache-lga21970-LGA, cache-hhn4074-HHN
X-Timer: S1649085812.337679,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 8C80 15 KB
6 KB 279ms
36ms Document
text/html 2.20.85.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-85-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=37974
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:32 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 01:56:26 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 500D 52 KB
17 KB 62ms
17ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 35350
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 04 Apr 2022 15:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 01 Apr 2022 05:34:16 GMT
Fastly-Original-Body-Size: 17053
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 716386
X-Served-By: cache-lga21970-LGA, cache-hhn4032-HHN
X-Timer: S1649085812.334741,VS0,VE0

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 16AA 668 B
720 B 40ms
39ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 755c9fc29f92242ec74a963de3c01f5ccc4eb97f5254d64c64a0e8e7d54c8d1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 420
content-type: text/html
date: Mon, 04 Apr 2022 15:23:32 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 92B7 668 B
731 B 38ms
38ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 755c9fc29f92242ec74a963de3c01f5ccc4eb97f5254d64c64a0e8e7d54c8d1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 420
content-type: text/html
date: Mon, 04 Apr 2022 15:23:32 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame B7B8 3 KB
2 KB 81ms
17ms Document
text/html 23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:32 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0BE3 356 B
240 B 33ms
32ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNU8_W64Kx47TqNnhmBWRUnQb76enBQVThE2oMZm19uAkeHDBDPlQac51Wuj1Qv2WhACFc1jk2_9ipLhiXTmMw0KqoG2I8_DKrGZxZ0BaFGElCR4KQs

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55f56026d86468db4135723445d1df3498809ce536fa7a518b2847d7e6a27a96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 219
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 69A5 14 KB
11 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CqJRCs4VGK2cOpKBuvuom1R7SPO12JybnTPUZCjXXTVuWVPMh7blBfvumljmTc9pZ5boPVuODB6uKePkA4ObuNv2CfQkeUZ2qGZD7YmUgQJ6YxH6ZBCOOR3D75A7osZ2CPiR5Qj8AM53arjLqQyvLTJuZJjA&cry=1&dbm_d=AKAmf-AXmODx3NRyhg3EdvNQ_pYE5x--aE61UVLh6YPM7JOwP85otWT_43aarp6wx7xgvUQZf0szrxY5qKv0bkYW6Jv_bRBb4Y1kaMqO-WLDhelSaFJsR5rD3Yka_754sLt37jcgXMeEYYCnFrB7q0_nMlxAbYrt5f1x70BgoVvB0mUWK3oRmIxlge_00ezI7yaKjyCXflu4GGFqnqbIdd9Q32KvM_3Y9j2b9vRtAKt6vyrLmbaTaEZX4FL_fosFtxKA9oE5-UG37E-8y3Hc0ccdFZbJRz45MrHaNLVsJt-S7ZJQMnbmpkMWClLVAD2I18-m5e3kDMbPxkXx8x0vod61aShT1PywpoPOBOFm0VtbGXSZYuCSF5PVx3OomBqetwHSuphLfViIzfAKpjgveZuYmO9HDLjMhL2XXQqtwF8uDW-R23GGBIoe6LrsvNGtbgUVGRfb7V_7YnsKeyn-i9t-QajL_ERLc0ltwmdYqcWptEqH87-gE_4ILsYXUhtdrW9twkUi-4T2GSGZkJi3DjuHE9tVsm4VOGt3-gSjp_j8Ce7WGGFYtyq_DtQyvgvLcb_B_aR7dWW5tmKooLlg9eEW6HNE87QjL8isFfDq8bFxJL6WujKQnSvzutuV3kJ8QJlmG1htGe_XsA_nMqU6TyD3pwdzGYgAUxIP2-FoibsVtx2GETd68G8IlL5s4OL8BM_Mk_qzrCbX7PauvHNIC5xGbFidR2pJd2Tx9kS5tVA2ymQphojecDZqBr5xk6B2hdGorL6pq7png4yWOTrHg4qbRO8tuVvZb9IYb55Mi3MQVAq9qX1a-bjYTB3YNIpwZq1SyMXOMCzhHZL8KMqwjo4jX5TmDangbDrtCL7iodZSIKhDEhmtj916jDPG3ZKodsA89Qh91Z1cBn3PngRjG2szEVbEtv7H8N3Six7YT8Ud9r8C9w1sZVrHOw0_r8AM3xyF34aqIfTRBIjyCUNeNjB-7sMQQu01s09Y2oenBnC9Ax_jRUzAFQ7oTddf95Fmyx5aYBl4zUVIfRnMMB73ROkjwpjVmj2DoPVvW-GtstQOi8BZ6_5xCQxJ2vjzzayOCJ_covfxQD4LVIcgL5GE9khqjmINQmQKj9CqlokKya3zUOA0xsiO2JiLUO--HQcp11Phyg7gdNb0jMgaVMefIetcp-hofbIlZVHAGb75N9jz9gdDB2dmkWU3JU_GV-2VUHKZD3JnxMPTIfgRZz8Kf1JFqnVjURcifTnVLIdQsW0D1aa9PuIc2YozbZPBeu5vI28O_qjkom3zj_ZtrrD8TFXuVOhtb3M7I17k8QLPpZ9lpioT4f0yGN6ouklZhhxi4xphioktvf8KUqap4B-bTcb51J3UgtHxeZ0GJMywjztJRvcPU7CTyn1W07hl5yEGXzor0qmymlWFRjNZlaAZSWAoVAdhNQ6dcUOmMxxIo41Q09VjDchnaMnGslGtWxxnfPGaebeES2BYSwIZMpxF3G00MaLEChCTyxv4iez1m0ZRi5h2adDJXee8pfabjfTO3EYysLPm6rjuKynEm07sSv9qpFYyr_VaMpgXaFPPh5QMwZLviZKnRkxIlbsI-93syx3C4c35LKpyFbxDiqFJgTRrKFHE83PcsoTH6-p7QxZrDXEDAEryLIhPzqmjc4fKaS_kzkzerUfbPvGKdbPiGOIqZHMv9fKU0j-9YQaBjNvizd_dmC5AgJmWMYrsHCVbGI_JmjmjZg4D98eQPJnzxABwPhFc0h3b8cfdLbeLVjHfMGk7G-KLq3vhyD3WdLg7jF976C3Xgyo7kk7K_QMtWbGsjK7b3mrfIsX2r7880L_W3zF4tcbQQ3tm94d-ZGtIHXZxPMfBaG6wNdPBe_rblmDoSIdhzQzBw7C19ej4hAcFuIUxdP7kGOaS4z9kJJhfSajn7XFbmXGZdNX2Rgfp8HhvgdhF1WycXHa7BkoF81dvuAiL-lKl5eBf1xYZf-IX9vMJE1bLSPP8beFvTpdclthpH-ek08l2MMB1WPP6pYmGZilcujhrrucMO2vfXyxcMbIH4gC762hYIRczJQqyQitgH2GxFNpCv3e3i-22qtaLzU1Dt-TTRIk1LmiB-MQssjb4hXzMgtSXloLuh5BvGDIzI-_j3hzdGnwnbJxdkTYLebzwsPelz-s_lyvr6BKcQJs8GcM36B0Z5n2bJc_aCHzMFJE-b982eunhZuXDcIlo5IIDL-CAjp0tRxRWCrNbwAq0DBRkEi8dB7YAWdg1VTGCHRtWH8FIMA_zfgB2u478kYDra7FAxw9eKaFIrrigh-xmwpfGi5NF2gr9htkdAJA-pm74BwJy3ZwV1zIMi81GnsY5HqnfQtILSo7_4IrmWUvsqZxn7WxDaKi-ats-MtjE_FAAGE1eJ8B7cMPNRMmMy89gPe4cF6MsAIMyqQ8Ba3HcA9GqLeD49A9PznT1twhdrxRVQw5eDfZplSETnxk7SiDgRL1uVvB1A_yQFlsZfmwymr-GLZh0BHKDYvuADgHngkBZuZCd1-MSQC7mcx6-xQ_uWl9LY-WjMrMu73LeUDpix_NxEa7pJBNu6xrIrPeVr5xKq5dUVx3M62jfqEg__sqHpVEhhpjotEmGtAGq_r_GLA0YKD65ZykOJsLJxO9eSs3ApKqvab7eZkJMXJkjGESWBpwT-61t2wPszhGApgpUdHqwpA9mCrqMzBo-zyLtjDkptV0bdR5Sysbv_Z-62HTtkWHifjBzfY36GZyO7IOkU10gPwnW9713GAIXlhVntyTa8AReZNhhhintYfjEoVViv1g7V_-g4qhWvBCeRUv3Vzn9T1cpghbWWWKekKqKZYeCM0DPIRRDY18TywjMJfxyhaMIOj6mrVutTErssJSDNvMJEagRS3v-qsDQDuQ27LlffF8dWz9aVPTCXV1T6vMza8ExIo-cBZMDl6Zftc5J1y5UyiV3JHtwhm5YEE5hVpRA0KgZpGhivl0qH4WA1fcm6joS_q1NTgl5UongBezZsM7xIo2CM0n0jDfzzq1Dnx5sThl8kJVjvEu2shs5xoQ5EEk6g5sDpqpqmZfoYrksVkVrPzIUiCOEqN4eWgIRMguDMmt3BAmqlaOEEnuQt0XijiHBxGmVWfCGdPQ48W61Hjt5b-PRx4n1z0Vr7igwcm5AUtt93Esm7F12o9p2GSkVZRLUcHYG7SPdMatTqvNUuNC4Ty3lHNkLugF8nTBOakTUze5po035X5xTKzji12OXyoaN6-k&cid=CAASJORo2FIzl4o_MR7vOwEOPhnm0S_DMHOCJvPhuamMdjtqNMxbXQ&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af0604469e47b50e494a840868c655f755b5da5116874cd4bd9bb26b9bdbb245

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10937
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame FA31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0
https://sync.teads.tv/um?eid=3&uid=CAESEDmCG16VwDtB-ktEhFneOIM&google_cver=1&gdpr=0

23 B
172 B

44ms
44ms

Image
image/gif

23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDmCG16VwDtB-ktEhFneOIM&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNX1RWWT8vp13clGEZMCSPnfYoxcAt2F_DuAowFyKuhk8wgvw2hYe39DUgpgN4Chkbk_QinO78Gf5hgYPb_rtSZzfvwmYvlpK9UfwCIHMZDOa8_hmFM
Protocol: H2
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 04 Apr 2022 15:23:32 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEDmCG16VwDtB-ktEhFneOIM&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 292
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame FA31 23 B
172 B 135ms
52ms Image
image/gif 23.35.233.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&gdpr=0&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNX1RWWT8vp13clGEZMCSPnfYoxcAt2F_DuAowFyKuhk8wgvw2hYe39DUgpgN4Chkbk_QinO78Gf5hgYPb_rtSZzfvwmYvlpK9UfwCIHMZDOa8_hmFM
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.233.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 04 Apr 2022 15:23:32 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2

200

sync
partners.tremorhub.com/ Frame FA31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm&gdpr=0
https://partners.tremorhub.com/sync?UIGL=CAESENZ2uz6Amfp-lGRs6EZBaao&google_cver=1&gdpr=0

43 B
183 B

334ms
102ms

Image
image/gif

2600:1f18:612b:4216:99f2:7ef8:5bca:944d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESENZ2uz6Amfp-lGRs6EZBaao&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8AhjN56XAATAB&v=APEucNX1RWWT8vp13clGEZMCSPnfYoxcAt2F_DuAowFyKuhk8wgvw2hYe39DUgpgN4Chkbk_QinO78Gf5hgYPb_rtSZzfvwmYvlpK9UfwCIHMZDOa8_hmFM
Protocol: H2
Server: 2600:1f18:612b:4216:99f2:7ef8:5bca:944d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:32 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://partners.tremorhub.com/sync?UIGL=CAESENZ2uz6Amfp-lGRs6EZBaao&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 294
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 041E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm&gdpr=0
https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&uid=CAESEE5ypaI5XbqDNFJ6ReLxW2A&google_cver=1

43 B
548 B

71ms
26ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&uid=CAESEE5ypaI5XbqDNFJ6ReLxW2A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV5dI76KvFaX0L2r-4ewI5zbwJd0Qb64Nkiavc5_oNLO8SlFg_KAbbsPGpbI5In3QfitjA5FPVHgdLC7zYfqJTMGPY604gNfaIcmeoV85P2qRjFJOo
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 21
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&uid=CAESEE5ypaI5XbqDNFJ6ReLxW2A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 317
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 041E
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&gdpr=0&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MzAyNDZlNzUtYjQyYi0xMWVjLTk5MjYtMTBmZmJkZTgwMjA2

170 B
188 B

29ms
29ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MzAyNDZlNzUtYjQyYi0xMWVjLTk5MjYtMTBmZmJkZTgwMjA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChCpn9ACGPfdpsUBMAE&v=APEucNV5dI76KvFaX0L2r-4ewI5zbwJd0Qb64Nkiavc5_oNLO8SlFg_KAbbsPGpbI5In3QfitjA5FPVHgdLC7zYfqJTMGPY604gNfaIcmeoV85P2qRjFJOo

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MzAyNDZlNzUtYjQyYi0xMWVjLTk5MjYtMTBmZmJkZTgwMjA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 32
Connection: keep-alive
Content-Length: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55946/ Frame 041E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1&gdpr=0
https://pixel.advertising.com/ups/55946/sync?uid=CAESEGEah9YPRo8IdRd_YjPOaJ8&_origin=1&gdpr=0&google_cver=1
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEGEah9YPRo8IdRd_YjPOaJ8&_origin=1&gdpr=0&google_cver=1&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c

0
122 B

20ms
20ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEGEah9YPRo8IdRd_YjPOaJ8&_origin=1&gdpr=0&google_cver=1&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c

Requested by

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:32 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEGEah9YPRo8IdRd_YjPOaJ8&_origin=1&gdpr=0&google_cver=1&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c
date: Mon, 04 Apr 2022 15:23:32 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 041E
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&gdpr=0&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&gdpr=0&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&gdpr=0&redir=true&apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&gdpr=0&gdpr_consent=

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&gdpr=0&gdpr_consent=

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&gdpr=0&gdpr_consent=
date: Mon, 04 Apr 2022 15:23:32 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 92B7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b6c9624b-0d74-4300-a349-2d62e1565b6c

43 B
106 B

48ms
47ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b6c9624b-0d74-4300-a349-2d62e1565b6c
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: MT3 4320 2f2dfe5 master cdg-pixel-x30 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b6c9624b-0d74-4300-a349-2d62e1565b6c
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Apr 2022 15:23:31 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 92B7
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv

43 B
61 B

38ms
38ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 92B7
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4514158266698167182

43 B
106 B

122ms
115ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4514158266698167182
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4514158266698167182
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 92B7 70 B
264 B 155ms
61ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=6f851c87-2078-7dec-c011-08974c35954d&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 92B7 170 B
188 B 28ms
27ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDNlYWNmNGQtZTkwZi0yMzQ4LWQ1ZjEtNTIyZTg2ZDc1YjJk

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 92B7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1

43 B
61 B

33ms
33ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 16AA
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3039624b-0d74-4700-b428-ff9fe7626b72

43 B
106 B

36ms
36ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3039624b-0d74-4700-b428-ff9fe7626b72
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: MT3 4320 2f2dfe5 master cdg-pixel-x24 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=3039624b-0d74-4700-b428-ff9fe7626b72
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Apr 2022 15:23:31 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 16AA
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv

43 B
61 B

33ms
32ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=7sNvp-iVbPX1wGum7sd28umVY6f1kGj04MHshZjv
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 16AA
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1610214913330412716

43 B
114 B

42ms
36ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1610214913330412716
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1610214913330412716
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 16AA 70 B
265 B 153ms
60ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=6f851c87-2078-7dec-c011-08974c35954d&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 16AA 170 B
188 B 28ms
27ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDNlYWNmNGQtZTkwZi0yMzQ4LWQ1ZjEtNTIyZTg2ZDc1YjJk

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 16AA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1

43 B
61 B

34ms
34ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK6JOiNqmC1zGYTi6YgLauM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 203ms
37ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 04 Apr 2022 15:23:31 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 917
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0BE3
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&gdpr=0&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&gdpr=0&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS10X0lIeWdCRTJ1Rk5rZVVURkRJUElzV3ZBVUVtajlnQ35B&gdpr=0&gdpr_consent=

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS10X0lIeWdCRTJ1Rk5rZVVURkRJUElzV3ZBVUVtajlnQ35B&gdpr=0&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNU8_W64Kx47TqNnhmBWRUnQb76enBQVThE2oMZm19uAkeHDBDPlQac51Wuj1Qv2WhACFc1jk2_9ipLhiXTmMw0KqoG2I8_DKrGZxZ0BaFGElCR4KQs

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS10X0lIeWdCRTJ1Rk5rZVVURkRJUElzV3ZBVUVtajlnQ35B&gdpr=0&gdpr_consent=
date: Mon, 04 Apr 2022 15:23:32 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

bridge
cm.adgrx.com/ Frame 0BE3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm&gdpr=0
https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEBjn2XVVVGKDIijCYLfWxVo&google_cver=1&gdpr=0
https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=d63f995c618fda5d324a93489a4b3725&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7b...
https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=pc023_7082769630838436178
https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=
https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=6766d44e-e80f-4f86-93fa-4ff419910582
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&_bee_ppp=1
https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AADQjU7ElhsAADW9ogSpdQ&gdpr=0
https://pr-bh.ybp.yahoo.com/sync/stickyads/d63f995c618fda5d324a93489a4b3725?gdpr=0&gdpr_consent=&gdpr=0
https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-G.k8dvRE2oMGb3s0w1HKWHQ8A5qYOwBIOvxOVTkl~A
https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_
https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=TNComNIS1NBoyh5
https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE

43 B
408 B

617ms
172ms

Image
image/gif

72.251.232.228
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPv1SRDa1sb8Ahi5tqbAATAB&v=APEucNU8_W64Kx47TqNnhmBWRUnQb76enBQVThE2oMZm19uAkeHDBDPlQac51Wuj1Qv2WhACFc1jk2_9ipLhiXTmMw0KqoG2I8_DKrGZxZ0BaFGElCR4KQs
Protocol: HTTP/1.1
Server: 72.251.232.228 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
server: Cowboy
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
X-RealServer-NX: sjc-delivery-2
Content-Length: 43
Expires: Thu, 23 Sep 2004 17:42:04 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.adgrx.com/bridge?AG_PID=freewheel&AG_SETCOOKIE
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1649085813959018-362
Expires: Mon, 04 Apr 2022 15:23:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0BE3
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=11
https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDYzZjk5NWM2MThmZGE1ZDMyNGE5MzQ4OWE0YjM3MjU=&gdpr=0&gdpr_consent=

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDYzZjk5NWM2MThmZGE1ZDMyNGE5MzQ4OWE0YjM3MjU=&gdpr=0&gdpr_consent=

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_hm=ZDYzZjk5NWM2MThmZGE1ZDMyNGE5MzQ4OWE0YjM3MjU=&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1649085812577044-595
Expires: Mon, 04 Apr 2022 15:23:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 69A5 41 KB
15 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 500D 0
747 B 25ms
24ms Script
text/html 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:32 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1b79f99f-80dc-4c4b-9961-2d64d5c6f8b8
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E389 0
747 B 34ms
34ms Script
text/html 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:32 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 44f12c22-44aa-4e64-8a49-ee4200b5bd83
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C8AE 41 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3E93 143 B
163 B 20ms
18ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 978
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:07:14 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9E6A 1 KB
753 B 19ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 34188
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 05:53:44 GMT
etag: 48472445140208031
expires: Tue, 05 Apr 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 4DE6 106 KB
37 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Origin: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2509
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Apr 2022 14:41:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 4DE6 8 KB
3 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:24 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 4DE6 25 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:16 GMT

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 69A5 42 KB
17 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Apr 2023 22:14:55 GMT

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame C8AE 42 KB
17 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 03 Apr 2023 22:14:55 GMT

POST
H/1.1 200
OK abt Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 109ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:32 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D6CB 22 KB
8 KB 19ms
19ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14812
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 89B8 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14812
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;rc=1;ord=ydlnf6;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRYrZcg1LYpuC... Show response
ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/ Frame AB9C 56 KB
26 KB 70ms
69ms Document
text/html 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;rc=1;ord=ydlnf6;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRYrZcg1LYpuCG8uYgQf8q7HIBo3TqLRp6q_FpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJICT9AP0i6xwmmF903ilmQJjDyaKei8Dis33YHptyNlcYOTECdNpgb7Vo9Wy3PnFgnkBcIbmUqo9CLlKQT8chHCEtCJ64-WtN0ySN2VGwuV-t4hCkOcs_JJRRDPEcoIXeRpwE88Kskmo_tbnUVZrkdGzVx3tWabakwzrSVoAwHOQqoxP7BQNvs7h4zHPQUsdYobtDdhmrGrqkSfla5GGa1QzonmW7MImJFAe7GpzEzicPt1IK2WTdli0WdeHnZ6OEApMfGrPzC37oFQIMfulz71hNuWyxHXfirspH5ZNCvgJl0P7cRBfBTDQje2H-csV_cfM0PbiJrS0KeIH9FR_wq9xfzvkiLrW4D_n7wz8fiF2R6q78AE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJORo2FIzl4o_MR7vOwEOPhnm0S_DMHOCJvPhuamMdjtqNMxbXQ%26sig%3DAOD64_19l8cl61lU2hcU0cmGS88MTJ9SlQ%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-ArmQ_k2akOq8TgpcNlmww2R3EjKxaVonNaXQVQZ6Xh-uqKexbeAnSl1odE6LLcHGxZh-2R6O63G2mnSlYmJutoXdsrW3QlDdWEDkiBWY2xfsoDXj69rJMbNOnP2FtzI4_mThtIAEJx4IzMn-Vbpnx73_DAow%26cry%3D1%26dbm_d%3DAKAmf-DiIrXwzSnn7JlWXTwhHqD0NlrmLaheN_6XPcJRGAsaX-GOqije0uA4bt9Xs9RMIx5hEaFxSE1Y22rindbueRYBLTztieNqeeGKaI4vhJhK7-5d8u0gVe1T0r0fiT35CLNAhdBd7xSN516S7rcQIenrbxP2ds1tHpDt_PgRr200TzQFc4jLLQtEXC3wVFI3LzMUHawFMmVU22kTAfYpibJODhp5_wg84LrVCsYY0_vSIFBfh7bcK_CDxSw0A5076o8Y_63xojeNEyYSbWlhXfFe9cg85D_Dq_zqN0qJBVHJojsr0qCCrLC73m-a-b4hrLIdWNOP5lQuAW7gXZURphr43_j-8z6KRWh6jeqEyX6K4b4_XKPf6eS2zeqXhL1jwgPFcDDyRKeyBS6-1KrgXeEaRCyX3xtK1wmB2jDkDUxvqr4jqBT9n4_q6ovuCUiEgl9Ve7gqGDMeSTNI5f6R9kkVPzJOh9yhCIzeqkje8UUS0fNfbp4w6Afcafqknp2JvQaPfc3w1Dhfjyu2HFp-hoxnrWEM30Q2CNhzbGlXu5EdSwRYjUY%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=95;rcsrc=h;prcl=s

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

a14ba71f9395672c003d0245f1baa9873636299552b7edab1c25a1c9bd7694ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 26596
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:32 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;gdpr=0;dc_adk=2004672148;ord=thc4tj;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt6Axcg1LYpyCG8uYgQf8q7HIBo3TqLRp... Show response
ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/ Frame C305 56 KB
26 KB 55ms
55ms Document
text/html 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;gdpr=0;dc_adk=2004672148;ord=thc4tj;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt6Axcg1LYpyCG8uYgQf8q7HIBo3TqLRpsrHFpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJgCT9CSflIKdjJh76ZEphDtVeHAudg_UJdernnLQzsAcuxni2bF2IeTeR5WvVe63wn6ETOUHCtrxKM6Gv_N6BaRTaj5u3cAaZ2Yayka9gd9U7tcHLlzHxE1qs28SfFtCe7PcGtWgWpLtRK8xpHEX0T3rlAv-n8uKoCnv05j06Zah6cde9fGA1xBxYtnoH3qu7QnSLI1qtguuevDw49-VMAOxPWNpn9IifuUozdldCfp7rKF1Km61bGq-Ka-aXUQyaXviE3lVB5mrKVXC7Y-HJUoPX4KiGDuVzuRibfUwJAJinzYdwuaQHnyncyWRrZ-jdXDdCVBJoclM5jQAcs1tjKI8Tsw-GYCRSzlPWVMJyQjhGgY0uiqLqw77sAE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJORoH_D-AVm3-lMEVFXjguhBCUzQ31Op7v_EJUUO1D6gWwUPNw%26sig%3DAOD64_1Ifd83NfSp77wWLG13IWJ_Xn-WEw%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-CraVKk-C0_PyVU3-KDIfmx-JaCd-P_e8Om0P_RN_6MpDMNPs3pW4t_3zXdbpY6nzknBNiaFZss08dc4haL8ODn0xwHYhfb69Tp0OxtxKuvc-R_xdWjwhOhIEupPJpJn1x1AZDQ8zLTT3Eg4_HezWMRI1GQ7Q%26cry%3D1%26dbm_d%3DAKAmf-B0YyRTtUDewsEDRfO8f6VY9oGKJFRy-EtGnhuJnwArcQDBR90SjKocUliB71FyXwqV5ZC9OIqDTSIvXbdIOweP9fkK73fIrmQNIeimxQQ_PgN2dbEajBoCpSeIkxLClqS8d1-nEVSvdZ048RkQHZLFR7ojdgn9Jn661LFaCEfDqKh44O6gMm2R6Yd61GVjxlLoeOxbpNtji972dtkYwGCXCPOIUUmLdaKZoScM7jiuAcFUU6DeQwwIxQaaCflU-j7NUX5tr6N2xQgfmjr6re7MHdfcob2cr1RsI4qcSrQ_D0klCwJGoY-fYzDAyyBBG5Kt1h8gMVoeQCDWFrr2vojF8eLpywUg6CJdM6cAjJ_R7TCZAVt5T_Lx1KZoOS8m-PnAg7B53jkTN-2-ZHmSLfyCz2o4g7AgaiuneJrIdPPM32hqKftvN95leWLCZlUy2QRGmtuy00_IRGrmFwAHjUycSXEUstRDpWxEfjPzDXODoUZS9IYqw4SyEjQY4FzjkQHftMBY53sZWt6exbG4f2VvSeBnZB9AfWH7B-nJePrxax32oUE%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=119;prcl=s

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

3d6ac6672cf649dfef31809888f605403ef9c8bcca4afe58f524dfe2c1a0faa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 26588
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:32 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 9E6A
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPG5QlH-isnAhB_-U4_RegQ&google_cver=1&google_push=AYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPG5QlH-isnAhB_-U4_RegQ&google_cver=1&google_push=AYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D...

43 B
418 B

196ms
186ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPG5QlH-isnAhB_-U4_RegQ&google_cver=1&google_push=AYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f6b0bbc19bd6940-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 4096
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f6b0bbaaebe6940-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPG5QlH-isnAhB_-U4_RegQ&google_cver=1&google_push=AYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJ9aUAIfleoW4EnvBlAkyl6En7f4ygFzt_94HP-LM1gpWNpYGhq9Fr2L7c6uhhIKhvEOEVMYW_uHGAHmGWwoNXDKj1sw-D2%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E6A
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEP-PIgwpXpomrIVaXwuuIRs&google_cver=1&google_push=AYg5qPJXB6-HqBcZsuQy4l68aBcix7M3nlG2YNqOmGXmSUaAOS2hg__hvxum-VJIRF6piltuP-uzb...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJXB6-HqBcZsuQy4l68aBcix7M3nlG2YNqOmGXmSUaAOS2hg__hvxum-VJIRF6piltuP-uzbIdnGOvIjS6HJRRpmf_o_Fqk

170 B
188 B

31ms
30ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJXB6-HqBcZsuQy4l68aBcix7M3nlG2YNqOmGXmSUaAOS2hg__hvxum-VJIRF6piltuP-uzbIdnGOvIjS6HJRRpmf_o_Fqk

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 04 Apr 2022 15:23:32 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 97E3E0C8CD514E38BC165D7AB6D0B527 Ref B: FRAEDGE0918 Ref C: 2022-04-04T15:23:32Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJXB6-HqBcZsuQy4l68aBcix7M3nlG2YNqOmGXmSUaAOS2hg__hvxum-VJIRF6piltuP-uzbIdnGOvIjS6HJRRpmf_o_Fqk
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1bYVccc9m0jHb2i82w==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E6A
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGdPEDHB4xKZKToP3pOi4rI&google_cver=1&google_push=AYg5qPIinVZKFdX1tY3Sreg5dSvOs4IYUr6uNpRTXBOwIhD7qOvZYaD_nmlDsv8X6GhjNdjIcqa-fQVUNMcljB...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4Mjc2OTYzMDg2Mzk0NzkxNg%3D%3D&google_push=AYg5qPIinVZKFdX1tY3Sreg5dSvOs4IYUr6uNpRTXBOwIhD7qOvZYaD_nmlDsv8X6GhjNdjIcqa-fQVUNMcljBy_Ru...

170 B
188 B

28ms
27ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4Mjc2OTYzMDg2Mzk0NzkxNg%3D%3D&google_push=AYg5qPIinVZKFdX1tY3Sreg5dSvOs4IYUr6uNpRTXBOwIhD7qOvZYaD_nmlDsv8X6GhjNdjIcqa-fQVUNMcljBy_Ru1bf-Zid2ps

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4Mjc2OTYzMDg2Mzk0NzkxNg%3D%3D&google_push=AYg5qPIinVZKFdX1tY3Sreg5dSvOs4IYUr6uNpRTXBOwIhD7qOvZYaD_nmlDsv8X6GhjNdjIcqa-fQVUNMcljBy_Ru1bf-Zid2ps
Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E6A
Redirect Chain

https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEFc6KyJq1q1tNRLpqGYW-to&google_cver=1&google_push=AYg5qPKgN7tPNJF1yQQ9abwlfDxpyb2wxuLpd6izFXKX_9nZ1REz3FAQFvnf04c28B7Ip...
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKgN7tPNJF1yQQ9abwlfDxpyb2wxuLpd6izFXKX_9nZ1REz3FAQFvnf04c28B7Iph1g5ZghGk6i1S7Oiek3qIFm-sCeFzD1&google_hm=QUYwQjNuM3EwT3RKWWhpR0d5...

170 B
188 B

34ms
32ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKgN7tPNJF1yQQ9abwlfDxpyb2wxuLpd6izFXKX_9nZ1REz3FAQFvnf04c28B7Iph1g5ZghGk6i1S7Oiek3qIFm-sCeFzD1&google_hm=QUYwQjNuM3EwT3RKWWhpR0d5M1N0Ync=

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKgN7tPNJF1yQQ9abwlfDxpyb2wxuLpd6izFXKX_9nZ1REz3FAQFvnf04c28B7Iph1g5ZghGk6i1S7Oiek3qIFm-sCeFzD1&google_hm=QUYwQjNuM3EwT3RKWWhpR0d5M1N0Ync=
Date: Mon, 04 Apr 2022 15:23:33 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E6A
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEB-9O7lWbLpl5mW9KyS1-J0&google_cver=1&google_push=AYg5qPKZH5bs0norxN0-DQPgrjsSaBFmRI948HpOtVm5LywI4iQSz08oJ3_wlAlzxIfOXLg07_nfBnRn...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTYxMDIxNDkxMzMzMDQxMjcxNg&google_push=AYg5qPKZH5bs0norxN0-DQPgrjsSaBFmRI948HpOtVm5LywI4iQSz08oJ3_wlAlzxIfOXLg07_nfBn...

170 B
188 B

48ms
47ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTYxMDIxNDkxMzMzMDQxMjcxNg&google_push=AYg5qPKZH5bs0norxN0-DQPgrjsSaBFmRI948HpOtVm5LywI4iQSz08oJ3_wlAlzxIfOXLg07_nfBnRnkQ2giSXdka1nAy3_NVQ

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTYxMDIxNDkxMzMzMDQxMjcxNg&google_push=AYg5qPKZH5bs0norxN0-DQPgrjsSaBFmRI948HpOtVm5LywI4iQSz08oJ3_wlAlzxIfOXLg07_nfBnRnkQ2giSXdka1nAy3_NVQ
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E6A
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVY...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSf...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVYNkSlYHbpVr...

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVYNkSlYHbpVrgcX9cSuX8Tq_9bOuW5Ic8KcK9pelnohK0vbQ

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPI-nsg6Jgjg2TsbapOxp8NvKeMIxlATLCrcVB2t77jsP4HXSfVYNkSlYHbpVrgcX9cSuX8Tq_9bOuW5Ic8KcK9pelnohK0vbQ
date: Mon, 04 Apr 2022 15:23:32 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E6A
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESECpnWGB5qq9Igl02bkB2gNE&google_cver=1&google_push=AYg5qPI9ZLuJxmNa6A4QYBI7SsttpcEiKAwjc93i5LijWjrVQ_yg5jKoQ-isGiecNk6vQB9HF6dq5UdnhEID0kXlXqGIoE-...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPI9ZLuJxmNa6A4QYBI7SsttpcEiKAwjc93i5LijWjrVQ_yg5jKoQ-isGiecNk6vQB9HF6dq5UdnhEID0kXlXqGIoE-fSh6DIA&google_hm=MTc4OTUxM...

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPI9ZLuJxmNa6A4QYBI7SsttpcEiKAwjc93i5LijWjrVQ_yg5jKoQ-isGiecNk6vQB9HF6dq5UdnhEID0kXlXqGIoE-fSh6DIA&google_hm=MTc4OTUxMjQzNTU2NDUxMTU2NQ==

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPI9ZLuJxmNa6A4QYBI7SsttpcEiKAwjc93i5LijWjrVQ_yg5jKoQ-isGiecNk6vQB9HF6dq5UdnhEID0kXlXqGIoE-fSh6DIA&google_hm=MTc4OTUxMjQzNTU2NDUxMTU2NQ==
Date: Mon, 04 Apr 2022 15:23:32 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9E6A 0
12 B 25ms
25ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ITnlLJi-dp5-VeiUGigvt39QLYn8Pe3D27-H7ybrkJZsABjJ5X7IgJxkkbW42vIrizx5iN1NU

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 8 KB
3 KB 46ms
18ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b982d6e086f55ba0d055165418341ec19a8ed922ed63326cc6e25b156271fcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 351863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2834
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Mar 2022 13:39:09 GMT
expires: Fri, 31 Mar 2023 13:39:09 GMT
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4DE6 0
622 B 124ms
64ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1hm1mgSf_1Pwjk00xqJ_ej5U2UJ3_1gsdc3g_GrrTDNB-UksRlwz0cFCvdnZkWVFnsEA88IegYkUknXKzIAgGlVj6sdjIZy2nje219sCOjXQZOToMKH5Gz5NcgrS3smsAK1wSnC-wmC8X2famILSL-f5R73WHawk9qpS-dRIB41YsmQzQorEx6eWOwmSCBgusw_VL2GGi_RE55dARTcKmkivDt1dTH6XACjDrfxjqSh3hDOUoA1a5_JsMKz0bZt7ie1exKyP-Vf3EIzgWNmPcGXaDXdO_TH-SSCqnl5vsFN2064kx8KOde-h3P5Q8fXRmNBYmI4RX3__l2MW9tT5mkkAOJDg3KdlZtzZ1P52F3jA3NtVsRlW_JKtTy-M5CDQ7mjZENU9eytCgdsMXF4XDkYoF68LIItG3QAfkQQZoCjAd-IbCN2dn0aimqozQNOotdsCINcKvCPiSj622UNEmRwwXbZxWWa2kNL8MXLw5Lt8SERLox9Xy4W_lPbI3AY9FNjXcgQVfoGMHSzmvuB-O0VMe0WV8Y-eSgNLoLeN-0i86CBRB8_wxnJ4i3JvPY-8smnEkxzKtLpAtrpq95IhQMmmK0K-WvDlpQL5ATn3tJkemHg3Ybt56l5jXx1uex9HGL5N5NS2_x39yZVI4H-LHdjrGkNF5pzMSMCMJonPm-j6L-3AYhAuUg16Cm79cfI1M-mvpj2XWx86C0CfG-vSJQr9mKdUy7_GtJSbnTMyaBkOE8uAFttcJNPXIXDh_qGzQcldFp2oBIPrJyDBvSlTxVq8v-tLYIok9W7KUHO6RMVNJUMWSYumigeNyA3SJlbl1dJGvB0Wipo7Uaql9xhdj4KEcx859sqdNu8o39w4GH2E8EL-tKxsMWw1qMkmcSjWexAR361fvrOS2IIXwpeh0FTdMHcx0y4TsK5awMZnbMLtkz2wxINEKAiCebouVXwlGfcekUI78NiGxkNlvdUiwJiPe99Vr1-MNd3D2YebfJ1_SSNSvzzPOs-h41HARnQnU4wtRn5HTKR-4TcGqWAW2y33TgO10aybMFgI1Lo1BueZHbxJ4jX94UUgZGK61vCvq_9yWy270CDi5zDU76GJqWkHOQr71zs2KkfVd2Go5G9YMODZGw4fKLigy_rX2rR0kkkVMEQd42aBpPH9qg3hXd8pCbiPbmfUam14AHPWl_izQiHPRg8K_Pub8Y4KhzmJUMcPhWAGdGzXFXap_edAlx8dL_0ehkvqTS8e9QTawD35bwPLRMRqAYe42aOfNrf8lGkaZE24wx_FkkoAR3cSH&sai=AMfl-YT9I6AKdX61vp8_Qr6piKVYEcxBWdhACKpTNlQAlJDhH3uYJk_LG-WxcZL4TdRKqUR904AlXWd_IxjCrjooktBUIUF36KJAuY_3-_0yckZ8tdy8qjTGyg8vDOJjBKCeXhPB-T0brDhsbZuaTijfl6KKSHugRCMjf3zrL1bXXz6A3r3vaOp9qGvY4A7bc1fEEey9izPo4fOPSJ9vbqrekA&sig=Cg0ArKJSzHzuSAzBDeSMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=224&cbvp=1&cstd=195&cisv=r20220330.26388&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 04 Apr 2022 15:23:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0F59 1 KB
753 B 18ms
18ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 34188
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 05:53:44 GMT
etag: 48472445140208031
expires: Tue, 05 Apr 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5A80 1 KB
753 B 19ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 34188
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 05:53:44 GMT
etag: 48472445140208031
expires: Tue, 05 Apr 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3E93
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

43ms
43ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:33 GMT
expires: Mon, 04 Apr 2022 15:23:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:33 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 69A5 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40b972a48b99b2f07e7c5462d75f0b2c9e65f70d110e807ff46e8bb9a22f5c57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C8AE 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 176570d8ab47dab888bec2f9014db7ac8a979f78281a44dd1e8a80a3a4d45e2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4DE6 41 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5190 1 KB
753 B 17ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 34188
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 05:53:44 GMT
etag: 48472445140208031
expires: Tue, 05 Apr 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame AB9C 8 KB
3 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;rc=1;ord=ydlnf6;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCRYrZcg1LYpuCG8uYgQf8q7HIBo3TqLRp6q_FpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJICT9AP0i6xwmmF903ilmQJjDyaKei8Dis33YHptyNlcYOTECdNpgb7Vo9Wy3PnFgnkBcIbmUqo9CLlKQT8chHCEtCJ64-WtN0ySN2VGwuV-t4hCkOcs_JJRRDPEcoIXeRpwE88Kskmo_tbnUVZrkdGzVx3tWabakwzrSVoAwHOQqoxP7BQNvs7h4zHPQUsdYobtDdhmrGrqkSfla5GGa1QzonmW7MImJFAe7GpzEzicPt1IK2WTdli0WdeHnZ6OEApMfGrPzC37oFQIMfulz71hNuWyxHXfirspH5ZNCvgJl0P7cRBfBTDQje2H-csV_cfM0PbiJrS0KeIH9FR_wq9xfzvkiLrW4D_n7wz8fiF2R6q78AE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJORo2FIzl4o_MR7vOwEOPhnm0S_DMHOCJvPhuamMdjtqNMxbXQ%26sig%3DAOD64_19l8cl61lU2hcU0cmGS88MTJ9SlQ%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-ArmQ_k2akOq8TgpcNlmww2R3EjKxaVonNaXQVQZ6Xh-uqKexbeAnSl1odE6LLcHGxZh-2R6O63G2mnSlYmJutoXdsrW3QlDdWEDkiBWY2xfsoDXj69rJMbNOnP2FtzI4_mThtIAEJx4IzMn-Vbpnx73_DAow%26cry%3D1%26dbm_d%3DAKAmf-DiIrXwzSnn7JlWXTwhHqD0NlrmLaheN_6XPcJRGAsaX-GOqije0uA4bt9Xs9RMIx5hEaFxSE1Y22rindbueRYBLTztieNqeeGKaI4vhJhK7-5d8u0gVe1T0r0fiT35CLNAhdBd7xSN516S7rcQIenrbxP2ds1tHpDt_PgRr200TzQFc4jLLQtEXC3wVFI3LzMUHawFMmVU22kTAfYpibJODhp5_wg84LrVCsYY0_vSIFBfh7bcK_CDxSw0A5076o8Y_63xojeNEyYSbWlhXfFe9cg85D_Dq_zqN0qJBVHJojsr0qCCrLC73m-a-b4hrLIdWNOP5lQuAW7gXZURphr43_j-8z6KRWh6jeqEyX6K4b4_XKPf6eS2zeqXhL1jwgPFcDDyRKeyBS6-1KrgXeEaRCyX3xtK1wmB2jDkDUxvqr4jqBT9n4_q6ovuCUiEgl9Ve7gqGDMeSTNI5f6R9kkVPzJOh9yhCIzeqkje8UUS0fNfbp4w6Afcafqknp2JvQaPfc3w1Dhfjyu2HFp-hoxnrWEM30Q2CNhzbGlXu5EdSwRYjUY%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=95;rcsrc=h;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:24 GMT

GET
DATA 200
OK truncated
/ Frame 4DE6 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d58198a3d9dcac61549b296427023797e40de39b3b3bf0105ed7bb96202a9018

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame C305 8 KB
3 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326104590;dc_ver=85.248;sz=300x250;u_sd=1;gdpr=0;dc_adk=2004672148;ord=thc4tj;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCt6Axcg1LYpyCG8uYgQf8q7HIBo3TqLRpsrHFpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJgCT9CSflIKdjJh76ZEphDtVeHAudg_UJdernnLQzsAcuxni2bF2IeTeR5WvVe63wn6ETOUHCtrxKM6Gv_N6BaRTaj5u3cAaZ2Yayka9gd9U7tcHLlzHxE1qs28SfFtCe7PcGtWgWpLtRK8xpHEX0T3rlAv-n8uKoCnv05j06Zah6cde9fGA1xBxYtnoH3qu7QnSLI1qtguuevDw49-VMAOxPWNpn9IifuUozdldCfp7rKF1Km61bGq-Ka-aXUQyaXviE3lVB5mrKVXC7Y-HJUoPX4KiGDuVzuRibfUwJAJinzYdwuaQHnyncyWRrZ-jdXDdCVBJoclM5jQAcs1tjKI8Tsw-GYCRSzlPWVMJyQjhGgY0uiqLqw77sAE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJORoH_D-AVm3-lMEVFXjguhBCUzQ31Op7v_EJUUO1D6gWwUPNw%26sig%3DAOD64_1Ifd83NfSp77wWLG13IWJ_Xn-WEw%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-CraVKk-C0_PyVU3-KDIfmx-JaCd-P_e8Om0P_RN_6MpDMNPs3pW4t_3zXdbpY6nzknBNiaFZss08dc4haL8ODn0xwHYhfb69Tp0OxtxKuvc-R_xdWjwhOhIEupPJpJn1x1AZDQ8zLTT3Eg4_HezWMRI1GQ7Q%26cry%3D1%26dbm_d%3DAKAmf-B0YyRTtUDewsEDRfO8f6VY9oGKJFRy-EtGnhuJnwArcQDBR90SjKocUliB71FyXwqV5ZC9OIqDTSIvXbdIOweP9fkK73fIrmQNIeimxQQ_PgN2dbEajBoCpSeIkxLClqS8d1-nEVSvdZ048RkQHZLFR7ojdgn9Jn661LFaCEfDqKh44O6gMm2R6Yd61GVjxlLoeOxbpNtji972dtkYwGCXCPOIUUmLdaKZoScM7jiuAcFUU6DeQwwIxQaaCflU-j7NUX5tr6N2xQgfmjr6re7MHdfcob2cr1RsI4qcSrQ_D0klCwJGoY-fYzDAyyBBG5Kt1h8gMVoeQCDWFrr2vojF8eLpywUg6CJdM6cAjJ_R7TCZAVt5T_Lx1KZoOS8m-PnAg7B53jkTN-2-ZHmSLfyCz2o4g7AgaiuneJrIdPPM32hqKftvN95leWLCZlUy2QRGmtuy00_IRGrmFwAHjUycSXEUstRDpWxEfjPzDXODoUZS9IYqw4SyEjQY4FzjkQHftMBY53sZWt6exbG4f2VvSeBnZB9AfWH7B-nJePrxax32oUE%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=119;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 15:22:24 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 952E 236 KB
63 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 15:23:33 GMT

GET
H3 200 TEF_o2Business_21-05_01-Awareness_L05_300x600.js Show response
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 11 KB
4 KB 19ms
18ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/TEF_o2Business_21-05_01-Awareness_L05_300x600.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9151903cf1fcdcfd19720c440d6673f56d6cc5c6806f2aea26fbc654f95cb903

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3752
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame AB9C 106 KB
37 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Origin: https://ad.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Apr 2022 14:41:43 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AB9C 41 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14814
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame C305 106 KB
37 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Origin: https://ad.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Apr 2022 14:41:43 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C305 41 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 11:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14814
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 04 Apr 2023 11:16:39 GMT

GET
H3 200 V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js Show response
pagead2.googlesyndication.com/bg/ Frame D6CB 35 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 07:39:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 07:39:24 GMT

GET
H3 200 V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js Show response
pagead2.googlesyndication.com/bg/ Frame 89B8 35 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 07:39:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 07:39:24 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 0F59 0
104 B 144ms
45ms Image
text/plain 2a02:fa8:8806:20::2040
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBJHKtl0oAXUfyTEmbHId5I&google_cver=1&google_push=AYg5qPJ_JOrc_IqLS_V3TnuOFo8_YsZIKqLHXCIkjOgTI6s1-BUXTktoW7UUEQ9v1l2rqkkhEiHuQT4tpOgCx08LlJQ2XjekRTTJ
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F59
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOgYk47vjnMFS_x3Jy0sexo&google_cver=1&google_push=AYg5qPKE6N--uw3pF2E3sYEHmFyesqb3fTUnPpV86ZuY_s9l5Ej2Oh3PwJ2hsmzS8jaEkEiKn69cfcOgGKW...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKE6N--uw3pF2E3sYEHmFyesqb3fTUnPpV86ZuY_s9l5Ej2Oh3PwJ2hsmzS8jaEkEiKn69cfcOgGKWB1DDT2OB0AbP9tOVE&google_hm=aGLYSbiuQ2qJxgxuRjz9BoQ

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKE6N--uw3pF2E3sYEHmFyesqb3fTUnPpV86ZuY_s9l5Ej2Oh3PwJ2hsmzS8jaEkEiKn69cfcOgGKWB1DDT2OB0AbP9tOVE&google_hm=aGLYSbiuQ2qJxgxuRjz9BoQ

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPKE6N--uw3pF2E3sYEHmFyesqb3fTUnPpV86ZuY_s9l5Ej2Oh3PwJ2hsmzS8jaEkEiKn69cfcOgGKWB1DDT2OB0AbP9tOVE&google_hm=aGLYSbiuQ2qJxgxuRjz9BoQ
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 0F59
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8Wrq...

0
0

GET
H2 204 exptsync
ads.yieldmo.com/ Frame 0F59 0
35 B 153ms
43ms Image
text/plain 63.34.46.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEDG9kZtF9paf6o6qE7j8UsI&google_cver=1&google_push=AYg5qPIGbFIpo2ggojNBM07_g64KNAkhCEARadHSWQ3HKuUi8lvYGZRxPcrcIIfBE2yRFDqyQc_K-Cn_qeyUEOX2ul4UJ3cUx5Hb
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.46.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-46-247.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 0F59
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEHl5j9-4UiBIXX63NIE__DM&google_cver=1&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yG...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEHl5j9-4UiBIXX63NIE__DM&google_cver=1&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3J...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3...

0
0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 0F59 0
44 B 793ms
260ms Image
text/plain 13.115.149.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEE4uyhkID_K6yA0IP-a_7Y0&google_cver=1&google_push=AYg5qPLl-dlHfTh0V80CYKhe2yCWj1qDCEYuarZDHIYjp-JdD7cT3YAX9GweaQZodxqqp3Pw26dypolSFRRpRVgwvzhTXFTHrnLt
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.115.149.166 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-115-149-166.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F59
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEBlZ1lt7IW0vtQK6V3SW2rQ&google_cver=1&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNv...
https://sm.rtb.mts.ru/match/second?ssp=13&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg&exu=CAESEBlZ1lt7IW0vtQK6V3SW2rQ
https://tech.rtb.mts.ru/?dsp_uid=fd127087-8aa9-48e2-b0e8-22a1e52d992e&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3Dfd127087-8aa9-48e2-b0e8-22a1e52d992e%2...
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=fd127087-8aa9-48e2-b0e8-22a1e52d992e&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNg...

170 B
188 B

30ms
29ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=fd127087-8aa9-48e2-b0e8-22a1e52d992e&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 15:23:33 GMT
Server: nginx/1.20.2
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=fd127087-8aa9-48e2-b0e8-22a1e52d992e&google_push=AYg5qPKzA4UvyulsAwPcWxWI0MQwLB4TeLXh7v0HNHfckCN8d8zlFl_zHBQSmeW_1kvSKNpTwIUMMnpp86nvNgrNvw2100fxpTbjUg
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0F59 0
12 B 29ms
25ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IwCu2fnrT8vD-q6uiu05tqRsyLP_mj1fUvTmb781mL4KSLhm3koBnJVwYQBmlewA3AyN96lw

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 12B6 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 5A80 70 B
264 B 41ms
40ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEEf6rAJ5H7Q6jPN6DkBAti4&google_cver=1&google_push=AYg5qPLtmnzqlExjROvOxqGu78LSUqT_phodZUaIzulf1y9er8q-aOzMkhTeUORpycZ0CbsPbbvzPF4EyIB1rUc3wB5TNTlWj9Zv
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 5A80 0
191 B 120ms
35ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEN5jmP7ptdJjJ_6o6T_-_gM&google_cver=1&google_push=AYg5qPJ-ZS3JD4UiKn2INMSbO8auhNA_-p2nbAdJFBOUwE9BxE_vUcpq15D6UHQERAnYaU3gI5m0hJaTmROSgurMBlsZoqsKn4ID
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:32 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5A80
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEIyTqIH7wrPxWpU4X4VSys0&google_cver=1&google_push=AYg5qPIb_nD6bV5A4du9lZgc_2Nr_QE-cBP2snzuCgaQTalIjUzusRUXefaRDTuJRoaQ1D46s84SKOxOFOI3hWe...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ukEAkwxASVJQBhDbvu1w19ly14Q&google_push=AYg5qPIb_nD6bV5A4du9lZgc_2Nr_QE-cBP2snzuCgaQTalIjUzusRUXefaRDTuJRoaQ1D46s84SKOxOFOI3hW...

170 B
188 B

34ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ukEAkwxASVJQBhDbvu1w19ly14Q&google_push=AYg5qPIb_nD6bV5A4du9lZgc_2Nr_QE-cBP2snzuCgaQTalIjUzusRUXefaRDTuJRoaQ1D46s84SKOxOFOI3hWejxfoy86GipHVP

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=ukEAkwxASVJQBhDbvu1w19ly14Q&google_push=AYg5qPIb_nD6bV5A4du9lZgc_2Nr_QE-cBP2snzuCgaQTalIjUzusRUXefaRDTuJRoaQ1D46s84SKOxOFOI3hWejxfoy86GipHVP
Date: Mon, 04 Apr 2022 15:23:33 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H2 204 exptsync
ads.yieldmo.com/ Frame 5A80 0
34 B 139ms
44ms Image
text/plain 63.34.46.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEDG9kZtF9paf6o6qE7j8UsI&google_cver=1&google_push=AYg5qPIcmg2XCfwk7W0tmz-MoY0nC55YrDJlX3IQbhfPdPJ-Rp_KUZ80MvtUlSXyBc63DGs3qKjKr53nwkBf_cwIaRp7RTzCkHpB
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.46.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-46-247.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5A80
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEH8H2x34knZpAC1IR64HMIo&google_cver=1&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P9sIifGpEfS...

170 B
188 B

31ms
30ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P9sIifGpEfS55NJKbb21SpMS5b2dzqSePnXmd6FtAjt1lQw

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAzMDFlMmQwZi1iNDJiLTExZWMtOGRlNC0wMjU0Zjg3ZTBmMGM%3D&google_push=AYg5qPLP9f-vVk9uQs09huy6OxuahmdGScKm8fSM9UKWyMNv-ouvOv7P9sIifGpEfS55NJKbb21SpMS5b2dzqSePnXmd6FtAjt1lQw
date: Mon, 04 Apr 2022 15:23:33 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5A80
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFmq-cyYOvwM0qIaK9a0vBA&google_cver=1&google_push=AYg5qPJpOGXGC1YzVXtulOY-Cgvtnvb_ZzMF6yF1pO-pNF65m41hu25Ffs59VxBlh16KJweaLc...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPJpOGXGC1YzVXtulOY-Cgvtnvb_ZzMF6yF1pO-pNF65m41hu25Ff...

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPJpOGXGC1YzVXtulOY-Cgvtnvb_ZzMF6yF1pO-pNF65m41hu25Ffs59VxBlh16KJweaLcVEoEZQH2rtfDCb4O_0HU2_n5ii

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPJpOGXGC1YzVXtulOY-Cgvtnvb_ZzMF6yF1pO-pNF65m41hu25Ffs59VxBlh16KJweaLcVEoEZQH2rtfDCb4O_0HU2_n5ii
date: Mon, 04 Apr 2022 15:23:33 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 5A80
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEI_poNSw5WSETZssW0L-vy4&google_cver=1&google_push=AYg5qPLae_Pz6gDgj7ksarRw5dvuCcBrAIN-k7p-PQFPocGvkm221nJXY-EuR667NPLt4mLL9oheMFK24aN...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPLae_Pz6gDgj7ksarRw5dvuCcBrAIN-k7p-PQFPocGvkm221nJXY-EuR667NPLt4mLL9oheMFK24aN-D2GRTQqPvZwI5StVYQ
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

18ms
17ms

Image
text/plain

51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5A80 0
12 B 26ms
25ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iv8K99UZY9jJBmLJYIdnPYuzIwqcqnQWvfGbfyOBdmy43qcBDRu2o56JhYfvWqkUbuD5GwPWnI

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5190
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJvG7Qs1R0vKPoVnrIJJwGw&google_cver=1&google_push=AYg5qPI1eR4FEVDBPBlnZvXYhdHvEWOqCnYewp3ByJUYzHJU8CLfrUzCSl...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI1eR4FEVDBPBlnZvXYhdHvEWOqCnYewp3ByJUYzHJU8CLfrUzCSlcxhv0m0xn1e9J8V9oXmnKMCDol0EP4K1kgsw7zSbA&google_hm=goqe6sWiSEwcF...

170 B
188 B

30ms
29ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI1eR4FEVDBPBlnZvXYhdHvEWOqCnYewp3ByJUYzHJU8CLfrUzCSlcxhv0m0xn1e9J8V9oXmnKMCDol0EP4K1kgsw7zSbA&google_hm=goqe6sWiSEwcFB-9Bm0ZeA

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPI1eR4FEVDBPBlnZvXYhdHvEWOqCnYewp3ByJUYzHJU8CLfrUzCSlcxhv0m0xn1e9J8V9oXmnKMCDol0EP4K1kgsw7zSbA&google_hm=goqe6sWiSEwcFB-9Bm0ZeA
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET match
um.wbtrk.net/doubleclick/user/ Frame 5190 0
0

GET

pixel
cm.g.doubleclick.net/ Frame 5190
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7h...

0
0

GET
H2 204 pub
cs.chocolateplatform.com/ Frame 5190 0
68 B 389ms
100ms Image
text/plain 159.203.145.121
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEErHGyCIxsyRt7hdxKGeRmE&google_cver=1&google_push=AYg5qPIoXD00T4QXHUWitq2S69MI_qUING6mrvhwywNiLCOhQKdOX8ERsaf7z5TjVJnUkosQyMXwzOng9e-YyRJ0QOl7l8V8u1E
Requested by: Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.203.145.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
server: Chocolate Cookie Sync Powered by Vdopia

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5190
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEFmq-cyYOvwM0qIaK9a0vBA&google_cver=1&google_push=AYg5qPIDWAs91p0seRPTL6md1xDA5MmHZoCdXNKKuHcHjgVN-5D_YHwYkp7qxo5jdqH7LK-v-C...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPIDWAs91p0seRPTL6md1xDA5MmHZoCdXNKKuHcHjgVN-5D_YHwYk...

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPIDWAs91p0seRPTL6md1xDA5MmHZoCdXNKKuHcHjgVN-5D_YHwYkp7qxo5jdqH7LK-v-CN176ZXUR9o60IrA_9Yj1iyF7NAYg

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1PTWQxT2NKRTJ1RTRDdjRjcy5Hc0tsR0NTY3cwajd3Sn5B&google_push=AYg5qPIDWAs91p0seRPTL6md1xDA5MmHZoCdXNKKuHcHjgVN-5D_YHwYkp7qxo5jdqH7LK-v-CN176ZXUR9o60IrA_9Yj1iyF7NAYg
date: Mon, 04 Apr 2022 15:23:33 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET ggl
ads.avads.net/sync/ Frame 5190 0
0

GET gob
sync.inmobi.com/ Frame 5190 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5190 0
12 B 27ms
25ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KoQEKXl7XJJ7WBZdB8wn9R63dX7jmySv_owD0kEkAdX5QDK66rcBMs7UXRmTGl512yhbsU6qbo

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D3AF 22 KB
8 KB 20ms
19ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 878D 22 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 14813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 11:16:40 GMT
expires: Tue, 04 Apr 2023 11:16:40 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AB9C 119 KB
36 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:33 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 6 KB
2 KB 18ms
18ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

463187e6623e8c2bada952641a689f60c637e92fb2727e83b35318a7d3e2ab14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 83
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2393
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:22:10 GMT
expires: Tue, 04 Apr 2023 15:22:10 GMT
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AB9C 0
26 B 80ms
53ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst6iY-zG55s_UGagB7RcPYi9Ijh0WJyk9NEys7BCc2fNy-JN7qRxcBLIV5ioW7CxllfIl9JPnziadOIgHPdTF5ATK4-V9L4YET4PXv__s7UL2vlKIkRlR5jI45LQTuq9IYyt3MmpVJ7xpsFcuV1&sig=Cg0ArKJSzBOc81A-_jNzEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=82&cbvp=1&cstd=80&cisv=r20220330.88618&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 707 B
734 B 19ms
19ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/cta.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aac2dd9f70c9c52e69e9b3751581824c3e5376a404563ba2f350aaab6ee43c91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 707
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 hl_01.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 3 KB
3 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/hl_01.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be067b7743a9176f3e4a9c65ed07e43e72dad23e127b5ffde1caa4d84b0b0f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2956
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 hl_02.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 2 KB
2 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/hl_02.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9d82b1f790c96b18b50fe7eff489a57f644cd60a4c12adeac385dcb8dd23bb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2110
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 hl_03.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 2 KB
2 KB 21ms
19ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/hl_03.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e36e52f2dea526e013e72de047c397cb01506cae0394f2365a365ed549508cb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 20:41:56 GMT
x-content-type-options: nosniff
age: 585697
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2430
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Mar 2023 20:41:56 GMT

GET
H3 200 image_bg_01.jpg
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 27 KB
27 KB 22ms
20ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/image_bg_01.jpg

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94706947fc97a408c79e7ce545dbe0915dacdc1a0e94944e83f68862c866aeab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28124
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 image_bg_02.jpg
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 8 KB
8 KB 22ms
20ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/image_bg_02.jpg

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

762fbd0ed8d039b77a774a8f040600d6c1d9c9a23fb5bee6015c2b5729f75fe1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8082
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 label_red.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 1 KB
1 KB 21ms
19ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/label_red.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfcd4bd02a71994b7f5d7df2ce2bcaeb7266a9e901555dc82af84e700e0f05e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1067
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 logo_blue.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 2 KB
2 KB 26ms
24ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/logo_blue.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75749bcc96610e4e7a84996bacc0496fb9a6a39540f17685594348d7a3971f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1816
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 logo_white.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 2 KB
2 KB 25ms
23ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/logo_white.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

171d552ced7daf557a3bcb4cd294ed6c71d50417062128b318495bbb00078a03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1840
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

GET
H3 200 seal.png
s0.2mdn.net/sadbundle/2935049498588202523/ Frame 952E 9 KB
9 KB 26ms
24ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2935049498588202523/seal.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fc2e3c5c08c80a2e9d0c4dd44492a4938a6a7da0665c2e15f41472cff60e8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2935049498588202523/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 13:39:09 GMT
x-content-type-options: nosniff
age: 351864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9643
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 09:21:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 13:39:09 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4DE6 0
26 B 75ms
57ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1hm1mgSf_1Pwjk00xqJ_ej5U2UJ3_1gsdc3g_GrrTDNB-UksRlwz0cFCvdnZkWVFnsEA88IegYkUknXKzIAgGlVj6sdjIZy2nje219sCOjXQZOToMKH5Gz5NcgrS3smsAK1wSnC-wmC8X2famILSL-f5R73WHawk9qpS-dRIB41YsmQzQorEx6eWOwmSCBgusw_VL2GGi_RE55dARTcKmkivDt1dTH6XACjDrfxjqSh3hDOUoA1a5_JsMKz0bZt7ie1exKyP-Vf3EIzgWNmPcGXaDXdO_TH-SSCqnl5vsFN2064kx8KOde-h3P5Q8fXRmNBYmI4RX3__l2MW9tT5mkkAOJDg3KdlZtzZ1P52F3jA3NtVsRlW_JKtTy-M5CDQ7mjZENU9eytCgdsMXF4XDkYoF68LIItG3QAfkQQZoCjAd-IbCN2dn0aimqozQNOotdsCINcKvCPiSj622UNEmRwwXbZxWWa2kNL8MXLw5Lt8SERLox9Xy4W_lPbI3AY9FNjXcgQVfoGMHSzmvuB-O0VMe0WV8Y-eSgNLoLeN-0i86CBRB8_wxnJ4i3JvPY-8smnEkxzKtLpAtrpq95IhQMmmK0K-WvDlpQL5ATn3tJkemHg3Ybt56l5jXx1uex9HGL5N5NS2_x39yZVI4H-LHdjrGkNF5pzMSMCMJonPm-j6L-3AYhAuUg16Cm79cfI1M-mvpj2XWx86C0CfG-vSJQr9mKdUy7_GtJSbnTMyaBkOE8uAFttcJNPXIXDh_qGzQcldFp2oBIPrJyDBvSlTxVq8v-tLYIok9W7KUHO6RMVNJUMWSYumigeNyA3SJlbl1dJGvB0Wipo7Uaql9xhdj4KEcx859sqdNu8o39w4GH2E8EL-tKxsMWw1qMkmcSjWexAR361fvrOS2IIXwpeh0FTdMHcx0y4TsK5awMZnbMLtkz2wxINEKAiCebouVXwlGfcekUI78NiGxkNlvdUiwJiPe99Vr1-MNd3D2YebfJ1_SSNSvzzPOs-h41HARnQnU4wtRn5HTKR-4TcGqWAW2y33TgO10aybMFgI1Lo1BueZHbxJ4jX94UUgZGK61vCvq_9yWy270CDi5zDU76GJqWkHOQr71zs2KkfVd2Go5G9YMODZGw4fKLigy_rX2rR0kkkVMEQd42aBpPH9qg3hXd8pCbiPbmfUam14AHPWl_izQiHPRg8K_Pub8Y4KhzmJUMcPhWAGdGzXFXap_edAlx8dL_0ehkvqTS8e9QTawD35bwPLRMRqAYe42aOfNrf8lGkaZE24wx_FkkoAR3cSH&sai=AMfl-YT9I6AKdX61vp8_Qr6piKVYEcxBWdhACKpTNlQAlJDhH3uYJk_LG-WxcZL4TdRKqUR904AlXWd_IxjCrjooktBUIUF36KJAuY_3-_0yckZ8tdy8qjTGyg8vDOJjBKCeXhPB-T0brDhsbZuaTijfl6KKSHugRCMjf3zrL1bXXz6A3r3vaOp9qGvY4A7bc1fEEey9izPo4fOPSJ9vbqrekA&sig=Cg0ArKJSzHzuSAzBDeSMEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=464&vt=11&dtpt=240&dett=3&cstd=195&cisv=r20220330.26388&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C305 119 KB
36 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:23:33 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 6 KB
2 KB 20ms
18ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb3c904f3fe6bdcb1bc5f5955cf0681c7b54d31acdb6015c6a39928805cdbadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 83
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2379
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:22:10 GMT
expires: Tue, 04 Apr 2023 15:22:10 GMT
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C305 0
26 B 65ms
56ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstHXK4eIxEiddNXQTSrjWHXXqcjQ-ivHJLXVXScuSviioaU-1m5SYAZT9eNwtCztAN6tL56_2z512AqLRnZHZl97c_rQTmbGxqkQzDRtPmRAsYvk8tYnFWnrlHIsQmlhTuVcunKkTcrbXhQcvBg&sig=Cg0ArKJSzJpvTlrST6n3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=92&cbvp=1&cstd=91&cisv=r20220330.01974&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame DA2A 236 KB
63 KB 93ms
34ms Script
text/javascript 2a02:26f0:ef::5c7b:c2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:ef::5c7b:c2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:38:33 GMT

GET
H3 200 mandiant_constant_728x90.js Show response
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 79 KB
9 KB 19ms
19ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/mandiant_constant_728x90.js?1635054838465

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa71287395c21792215380546956b9250d13e83e6337207b57637e557ce1e6ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9588
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 8EE6 236 KB
63 KB 77ms
28ms Script
text/javascript 2a02:26f0:ef::5c7b:c2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:ef::5c7b:c2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 04 Apr 2022 15:38:33 GMT

GET
H3 200 mandiant_name_300x250.js Show response
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 41 KB
5 KB 19ms
19ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/mandiant_name_300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99d75855bd913a43cbe2485a1a57a6ff3b30f27e93c24aa03a50d6e3bc90253d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5372
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 200 V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js Show response
pagead2.googlesyndication.com/bg/ Frame 12B6 35 KB
13 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 07:39:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 07:39:24 GMT

GET
H3 200 3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js Show response
pagead2.googlesyndication.com/bg/ Frame D3AF 35 KB
13 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 12:43:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 182402
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13770
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 02 Apr 2023 12:43:31 GMT

GET
H3 200 3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js Show response
pagead2.googlesyndication.com/bg/ Frame 878D 35 KB
13 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 12:43:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 182402
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13770
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 02 Apr 2023 12:43:31 GMT

GET
H3 200 man_constant_728_copy1.png
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 3 KB
3 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_constant_728_copy1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6e3cf334d6180897d5c94ca6da8f819944b286a00a06904cc1527053a3f5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2905
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AB9C 0
26 B 53ms
53ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst6iY-zG55s_UGagB7RcPYi9Ijh0WJyk9NEys7BCc2fNy-JN7qRxcBLIV5ioW7CxllfIl9JPnziadOIgHPdTF5ATK4-V9L4YET4PXv__s7UL2vlKIkRlR5jI45LQTuq9IYyt3MmpVJ7xpsFcuV1&sig=Cg0ArKJSzBOc81A-_jNzEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=447&vt=11&dtpt=365&dett=3&cstd=80&cisv=r20220330.88618&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 man_names_300_bg.jpg
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 5 KB
5 KB 19ms
18ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_bg.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d81a5cbabc401e26f9796b2d542a96518680646804cf45b744ff15f7d04a741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5499
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C305 0
26 B 53ms
53ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstHXK4eIxEiddNXQTSrjWHXXqcjQ-ivHJLXVXScuSviioaU-1m5SYAZT9eNwtCztAN6tL56_2z512AqLRnZHZl97c_rQTmbGxqkQzDRtPmRAsYvk8tYnFWnrlHIsQmlhTuVcunKkTcrbXhQcvBg&sig=Cg0ArKJSzJpvTlrST6n3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=460&vt=11&dtpt=368&dett=3&cstd=91&cisv=r20220330.01974&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 500D 0
747 B 87ms
86ms Script
text/html 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:33 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: a11b4a10-49d4-4c42-a110-7bd3ab5579b3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E389 0
747 B 49ms
48ms Script
text/html 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:33 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7cc5d4fa-a112-4586-ada1-c974aa3fef84
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 man_constant_728_copy2.png
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 3 KB
3 KB 25ms
24ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_constant_728_copy2.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed257b6a66a4f688863fc524916553700aac538de647baddffcc27b10403dcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3509
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H3 200 man_names_300_copy1.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 1 KB
1 KB 24ms
22ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c4ec1cb9472a75fd57990b7823fc13fd069e3b926ae5c9aed78cac65f943166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1497
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 89B8 0
23 B 53ms
53ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BgQ5Ccw1LYuuvMcSHrAS-3aeIBwAAAAA4AeAEAg&bg=!4OOl46fNAAZku-1yRLs7ACkAdvg8WqBk-lLwW2DFt0sSTkhzgTuM8mf6aPdlVZNnxLnB8TDNcEZpsgIAAAFhUgAAAAJoAQeZAx3lLBzZQgxuFSCIzfZhdjQGPcjb7y0QxF92IJ_Kx1pmCOWXd2T6RLo75n_NIlYtPyduc0X0M8ZI0LmAFcDvTQQRy4hETsZiGmWzr_mvK9GKkKgb8OEC3JNAA5F11-iI9vMAfMhkfyLZa-FlIiQR9lhdJx02GYgDsC_keQtJF1EGhdaDEe_DHSozgehZr__Yg9VYJ2cb4zo_0d9RWxtvVnMPZYQfrSqLcjLhugzl1ePnY05X6k_pG6i5RWO_gWcUkRNmx1zSKc9uAvEASLJacsTX_1rHXl6PGKzDfwGZkRKp4o4W90DM-1UxTk9E39BiNHs8wVgWv60pLwakvmeh_VxOgzlKj9FvU2dsWnEZNspnTTaTvKt4EZRZtdREn2yLWndxalXC9LRYN6SkB_7BWainU1RawwNPWyK8hlhRMFQJaalSURpF02_vhiqTbqOAOIaArwXfKkB8eSTcbeNUrjWd1hKpcAYRVW5_uPT36q4y_Y5-m5_zpS-Z2lqOy7bkFYRN1RtaEeBeSHLdDdsPyD1eYkJQS5t8c2q5inedNDDbaEFgKyy-sYnpjSEoH8wGB0Sd6oghTWzZErZuz7KjpoSyMM-RB4aaTCu-FlIoFBZFgsVkHpWCpniyu8AUvVGo-x1l9T08ZJkw2YOkyztR3jYbQzTOE3X9PDqdwRIb_QG7bb1ovOHFVCkr0MRTIRKQaXUcMjvLz1AwaL3tU6RVcgJzlRLPAj2cccnrg4Bi0-crdfEh1JhBGNDMZ4pBU-kxKhoAwO7uSer8hmMtbWR_2V4beN1ZPriwrvFO8LFxxmivDfo3bnYvLBhz6v55OOtCcmP3KvMq0pFJQrv8tehSODefoZsG6JA63xshnYIFa3gJo4udXo-oV4p-OWgXPibEFBWTt1qft8G4AvG1oEg4i-YC6MHssf66ZNDGcShku3aEWga4eO3t-Ck7Hg_SGl5MbeBwA2kyUwBpVVkYKe-nVQ7pN6_r8O-AKj8qlnDynvjZnYOe6SXcVA111DrY2_ZxMa8xAJEAdJPxs5B4A4gWfL48UpOHum3RhBlBvXzIcg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6CB 0
23 B 59ms
54ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVpKqdA1LYpzPGPXYx_AP35Kq2AIAAAAAOAHgBAI&bg=!EBOlE1fNAAZku-1yRLs7ACkAdvg8WhD-tAZk-iL6R6e9zVrG3M3ZPQiHUd9rndnu8XwUCKT_he7ilwIAAAF9UgAAAAFoAQeZAybXdp0y1lLif5mVI5EQk1AEi0DvjDuiL0jIapVA-Dz9Z-h53jmvMeooMU4h_YT36hPeSZ3MLxVbALdXnq1HDsHZvGMlMeaWA4oeUyUrHv5Yp1rbOPnvxpSRooZS7XgD0Q5icfXJPrvCfUm2ok3ldxxPU_zwBrRIRMTSFiVICGheu7TGqivSGImg48QMfj2XvGzqIJrgYEWRjcQsa1crVwxo5VlKCNjiNmfWwgZwqZx59VeaJ4ZTCEiwewC-ytCb5HzYTcZyus6ms77rR3fkkQ14jynUPgQGOQddEVMCy-2VAhxHOAXslj_IX61OMdFxq5FFh2G2OVArP1W8jONYUnpYzHb16KSfJYXTsj6E43xgF3Wcv8pIv1uvDoOwuzHxMFG72aDtLqLnUatTYPvJGfaGNcsAALmKF8H7iwZRzBUZuuE3XSxZuWHqF0ShqbiXoJCc2JTU2bQlX0SxV8et2UMFuGK4RJoRY9um3XAHY8GxP53b-offHS9iZaOzKao8THF7CJoyDKBJgE2ux2YUc3AUtIjDgb-shitjyJli-X3kdInyTTo_3o-W4NCO15aUw150p-nhPPNBGsgpZV0_htiCZctMyT7E_TwpzJzzkcedWw9jxkeeAw_KUNF7_FNupnyhi-a3lYKZO7yQ_FKjoJ9UnpYM9AVWr-1UlplqRLJ8PJYEKrHFlfkywNJI4dR5DgA5li7qkjjDgr8sj5xEfTsFj-1D4KXQ1DITSEFFRjE8zAYLby0rmtIwQ-GfwEaBTTMKghkTnj4dBTKZhnXN5yjV9uneJkxkDsLc-ZL7k48d7dXLrFHU9Y32dTPv5K0dDMpynwISks737ExKqSQD3uBofO9AbEbruilDBmb6jdzzqEI2GQOJGwnsq4ncln8LnuWIznnCkiIYTbnBDekVB_qr99bTCVlRAlTjA2DHWvv5R7gjw6vSYEgYrlIsz8cLtvWfh3_6UH747rdJBc3mJD7pXjFTH3ihl6R_gyNU557Gqxk8KtQySWqzvZJ_V9ozStZ-lFynxpJJqf6C1Ub77fiCHHRxqsFN_O-8j9cZmlR8M917UJodbA

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_constant_728_copy3.png
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 3 KB
3 KB 18ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_constant_728_copy3.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ab252c8b2e19890361a35f5e81a8ed4c19ae6add6878d844ee08952d22ff450

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3158
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H3 200 man_names_300_copy2.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 1 KB
1 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57b665fd1cf39f583765bbe2ab26050ea2fe934808ca9477804de22bff02222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1140
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 200 man_constant_728_bg.jpg
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 5 KB
5 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_constant_728_bg.jpg

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7927c45da6f16a94e5463c3c5e980e3182c80e834541b5a4a70374948d06663

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5497
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H3 200 man_names_300_copy3.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 1 KB
1 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd85d36e65e3602aea07ead6d94b8fbe2ed5bbe3473f0fb1512f54ab359e8b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1347
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 12B6 0
23 B 53ms
53ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvTThdA1LYsuiEZeD3wOWirbgCQAAAAA4AeAEAg&bg=!UlGlURXNAAZku-1yRLs7ACkAdvg8WlnduiQUHFkzjD4iAtd_ve6RpBoFKHuYa40B62gm7o8RUH0_bAIAAAFNUgAAAAJoAQcKAC5scDlQujXvgTATfTN_XBythw2NNd7zXCGSyW5PIyWFUF8u4--szqI8Fm7JRZS5mQMVPmsEX4bjaKkDfIOMKzzMCBzs-W3mElxf-6zSCa3ONSB0--ub5IeoYBdKJoaVUpEFgYrExtCcNCU45ZDi6xjWuG84zGfeNGYiVXs8A-ZYNGcoQqaD7afZ7yskT5JzenYgZZ65wQ0AJukfXQ9SvN15L8qTQiP9grR8YilESg_46zIPI8Gz_ZNfrD3v9zZjnZMvdzll-9NdpksmtCCOJo0e_tZIZ0TW_XN8uD47nAqJrZT5yn2vVVcO8jC2NVNNr0p1DJLHyRPEzqwr5NiqhjIE2MwawhZivo3ECSKwoKc3sR12kwUdVOnw1YnTTWbCElHu8rR9AZfyw6jN882108VRqWs2Te5PI9nOHwtzawzhzv7_DUEJSnINYE4M2f9kiHo1vDLXov6pTRkL5IuAp9r4RYeeupAo_U_GJJdE4q7n6wMatMjnlNvSS_05-pyTWDSeJ-Nfeg0q5KitLUPA85WfollGnGALxf7Dr1blXNJ1XZO4wmn0Pax4v0JQ4BUQ3jdXQRPzNLvtyOilWNGo5mnTmaiFGxtv9TpPZ41OETP6keZw_wC8m_GlmX6jMEIDfpvi0WgEcoWWWNu85QUyR_rpYc4xXWJnvovryb8a-JPGA08WfyLCnbwqGyIDgmSc8qvj09mCKjCtMpxMdmQU9FIHc8xd_lZGh50-JaFHIPXCso3IJxzdUEXKrJpamny-u7aFJMM2W9z2SSBGLCVpO9VgZ-iuas74LLmUvdQCbYzXS2hsoK_gsrTe4V7r4kMf-M4HwsjzCey8lEiirLRjBVhuAgcYqAxtnJUG7hDLV9FxfuKWHOegd6qXqpRV0In49LzH1Zigx6QEapPWyNqE6Vm1CPyCGvgr9H-oQotae7DGP3yv2hpi98Lg3z5mffGloliyCiCggxa_IpVS7-QZQoKC1c6rHcKvqVnctXQRSZLT5I1qwjKINnD2fbNFduSpbHX4-QUqSMVwbxBkkECVQNCtgNJj3lDQhIroxc3JBgWN4zqxpA8c7W4fsgtMmjaPFEWx_ZA5qpsLOhhmlBj7jhrCLHwsYtzj

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D3AF 0
23 B 53ms
53ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbudddA1LYpbuMdaygQemyZLQDgAAAAA4AeAEAg&bg=!AgGlAUXNAAZku-1yRLs7ACkAdvg8WqMiECOr6GgWkGgeJcow48NTEpppk8nYqyKnOe6wVWdDNMGcAAIAAAEGUgAAAAFoAQeZAz6Jr9l1lN3n1pqlS1MSGxNNtKHlwWUfHxLWRzUt2VUoAySufwaRO6K1qyT1Napy341CzwTZLAXFw3PUl_QMLtQEb2FZqmaSDrO4lqfec8BQ3-8-1kfS2T-UT5HdDFzHwQ_Z-NmMM76p8tCtwb0OVVqS3MhHz3-yQepkXzQG5OJa6E7ifVSe97cmzpg1P_eDrViFB8aXiqgYDjoVf12eFk5duD8dLHqQzbaa59QOpsGq6d3q6AWzdNp4puZjfGkZiho4K71ASiHRSVdeAQVnaTm263MU4Nr90MaOgFWHnYgFHEFbEBTpH1QUxYO1i6LxEik9Ti3wqMwIkGp6P7A7oB0EBe9cLJecG6etfsKYj7LJK6iqjaWV3Lld5xY78o9z1aOgtBkeeC0xnF-fNYYjhk5kyMlkxSOkCGORTtC5_X02pfTkdBzRC7y9nZ5Uuk7HhqeMwAZ-k0yw7B1RtPsNzNClTxISsYoq8_ru5eWAxdsxkrQtoL2OnG9ULYnaM-UJ3cHamNCl3ejiUEI14ws196T0KzzkivGTz6QfGQEsTs2JfO4DOWdo785y82BJRGwc4omI7aHIfsgGxYOXkUkAcIDTezJ3pVaxy0jAzL3tFuqG5eNf1H-sVXzJ2EZlQI2kIHFv8IcASJrRRtG5i1t6v22VRSPcUjcnIVx9Y56gD8sXystAKcbUcMSim-Ock2_Qh60jblI1SWsvYT0u5D-0FS6UnJscDHpj-SEijju8rUZZkReiMDcMH2jMXGcP9AHdQH4sWymDJr9evcrhyCfFX8eLMKPCOHyOcyKeZy1Yy-QK-X8IKLLCHWWYyfp1p61cgn34u-7tNcCTZJBLQG7Pwa0Mbv8_mKijSOZ0bJt477n99iobImD_n4IVWkyXhrF_4xvXlMNc5R5ekqKbL654uI-7ERDzByarU-0tuJDB8BDa2ptQvr5VXrN0n-rah_ghFDpfRsNBvBdw9JmKWQfssxlxDev37J3wD6QxP62QfOZXBb4MHX5TUOkl-TndUQjGWYD2a4I8gcgx7meFh7icGQxyR_Lne_ZM1zPjzOSEmmDnjgDXRa2qRKY0GPsh_l0M34yPtnrSLw2AKiopTdIrTQ

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_728_cta_bg.png
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 515 B
542 B 18ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_names_728_cta_bg.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5acdc1f4922888ced2af3577fd5bde7ea69a95e465eae69a3f62c65cd1abedef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 515
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 878D 0
23 B 55ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWZDNdA1LYt7CM8KE3gPuqpPoDwAAAAA4AeAEAg&bg=!rK-lr-vNAAZku-1yRLs7ACkAdvg8WvIP0NR9pqM-WHr-hUAovNY-4LW2Yok_3NjE51ZPgp53E9nUvQIAAAD5UgAAAAFoAQeZA1H148XIGGUz_LdYZcVHhUGaxuOIS6GX4ChoZg8-GFHSDYcelBIvf6VFurUc1PbmF_ROk3kPNins_NfWrgGyq9DOX1DqjKxSoqarPOLhqwpiIc3_IjhK1EEmJ8tDMrD_g0ijpfzgeWRijHcKewrefgMDKIWcyLuXMG6IuExi9UySaWzfaJUk9PFP-daFm8iQGe5q9LoWjvvbWoRaHvNVzpZmIobwgvXUjp_Twca5fujSJx8IrKWitJoKWmuUw2A3GV13kgeDOr_VgvHhNjzVrRHHyklzUQiuLAeEZw4TyJHWIuXpV2LHHcg9tv2NAM_N5YoLVwthe9do7m9Hr4_S0SiTJKmSMbSEm8w_8qC85fH-uu7QZuXUVhFlaDrjWvFGiRPKs4qnL5Z5aC6-2gq2PogsaayYrOm6_nF7I_Babt96oariV0m6UjVpoBjQd8nIwOdrlc5mGNHJgFlSvEGTF-KDU-Wa-7WfYAc7pIuLk4l04owLJfy-tg599FYxcbc0itT1DRu31uD-o_S_00adfFTdoLl5mcwUgbPtlJZ8hfrDSWZkN0BuGhOZgOxvfZb6wyshyOn0fp-aMHsPVEsl85MUvKLYW6utZmSqb-_yWaNiw1rbXlkmqpHUJuuQciT4D5pFYhOUU124CUM4449PYF1clbLtr6N8ieqLsA0zQsvt4bgN2uxswencB-ofpYIxyxYvPYQtzLCjpNKA_oejTWsLfE1-7gZ-gWz71N5iYqA13A9rjLx49pZcdAk9QVDRHZbAsU-7QfsQA-JL_4GeUGPC_S42niFWCzOm9CSK7pl9PhijHBp0erx2yoEKJKcE7x_BOQoPAKK7xHLr2a5r1J4twi2LuUdhkuXU_VdWBvOpL72s-6AoP_IpdOmC5qcDJJR7pse_J897mMmHr-TGli62-YGsx_B4m6hnZJWnx6Z3DIVb4cxqehmeXpPLbKCPPp_-92no6F9g99G1Smb_3gy888-kSpyk92ppGAWfGm0wqQe2DqAo9zJS5PplLpuEKzmfxr8rIQ6Wt-jYkPZFImEAFpQL2tOXMEiewltpEamB6tnAsJ6-be-Yu9xw8txhLe7IwkX8pN3O-jxpaEV5byROTx4KkZMTtPF8LdyPc18hek4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 man_names_300_copy4.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 902 B
929 B 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca38cd9407ae288717edd25a803756b478d9b40481ad7148155f0931abe49840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 902
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 200 man_names_728_cta_text.png
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 1 KB
1 KB 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_names_728_cta_text.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09c83d88c4cf129848d0022e19abf1920c99a0512d3e5b818c60a66cb68fb764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1432
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H3 200 man_names_300_copy5.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 1 KB
1 KB 18ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy5.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8b859c337ba140cd427e7018d90d06c09eeea5b94659ce387d7df29edcf836f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1388
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 200 man_names_728_logo.png
s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/ Frame DA2A 3 KB
3 KB 19ms
19ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/man_names_728_logo.png

Requested by

Host: 451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
URL: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e1ec797405914aa02b0dc7f1530b5fe6c9a8e7a6b76d34dee37a051db04e59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17907679525311717772/mandiant_constant_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:10 GMT
x-content-type-options: nosniff
age: 83
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3392
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:10 GMT

GET
H3 200 man_names_300_copy6.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 2 KB
2 KB 18ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy6.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afde443c0e71ebed5be4869cf9f6bee4cbb8a864130f6738c7f2228a675f088d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1554
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 200 man_names_300_copy7.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 7 KB
7 KB 18ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_copy7.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d01c79518ec7aa4d8f9edc39a5535df85d418029deda2bc4e555b295d939049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7142
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H2

200

sync Show response
eb2.3lift.com/ Frame D9DE
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1 KB

17ms
17ms

Document
text/html

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: fc13d99478d069c058c37d39f160adebe866ccb682702f4ea8cad462cf54040c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 458
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 15:23:33 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Mon, 04 Apr 2022 15:23:33 GMT
location: /sync?&ld=1
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 037D 52 KB
17 KB 25ms
25ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 35352
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 04 Apr 2022 15:23:33 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 01 Apr 2022 05:34:16 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 695678
X-Served-By: cache-lga21970-LGA, cache-hhn4074-HHN
X-Timer: S1649085814.793085,VS0,VE0

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame C205 8 KB
4 KB 361ms
28ms Document
text/html 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Mon, 04 Apr 2022 15:23:33 GMT
etag: "866b66bb3ccc5c8de41913672c69b8f7"
last-modified: Tue, 15 Mar 2022 23:39:48 GMT
server: AmazonS3
x-amz-id-2: Whw4gUaF5qRRhOMRwKptf7o3l9ebgSMjvbEzTldEI0EueT2RFJ+3BSTsvbolN0hYAMyfIX5wp5A=
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5: d97b029b026ab1b5da9f71fc8f6cf19a
x-amz-meta-codebuild-content-sha256: 1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-request-id: HXRZQT963RTZSQMT
x-azure-ref: 0dg1LYgAAAADpCY1rdUmERpfh8XsiU2sqQkVSMzBFREdFMDQxNQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref-originshield: 0B9ZKYgAAAACZa7PyionRSpaoccUupXqQQU1TMDRFREdFMTkwOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache: TCP_HIT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 915A 281 B
554 B 208ms
16ms Document
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:33 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame E1D2 0
35 B 33ms
33ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 04 Apr 2022 15:23:33 GMT
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame F5DD 0
0 165ms
165ms Document
text/plain 63.251.14.14
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Mon, 04 Apr 2022 15:23:33 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
Server: nginx
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H/1.1

200
OK

2000891.html Show response
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 4EB3
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

5 KB
5 KB

86ms
19ms

Document
text/html

205.185.216.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=74777
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Date: Mon, 04 Apr 2022 15:23:34 GMT
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1649085814.dop211.fr8.t,1649085814.cds264.fr8.shn,1649085814.dop211.fr8.t,1649085814.cds227.fr8.c
age: 0
etag: "1b0ebac83fe30af80513039edbdf566f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: tx000000000000010ce75fa-00624ae00f-14d1c90f-nyc3a
x-rgw-object-type: Normal

Redirect headers

cache-control: no-cache
content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0726 15 KB
6 KB 37ms
36ms Document
text/html 2.20.85.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-85-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=37973
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:33 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 01:56:26 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 0AC2 3 KB
2 KB 17ms
17ms Document
text/html 23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:33 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H3 200 man_names_300_cta_bg.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 366 B
393 B 18ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_cta_bg.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0d01991879875adad900b371a341342baf6deca280896fb406ad48360caa6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 366
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H3 200 man_names_300_cta_text.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 886 B
914 B 19ms
18ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_cta_text.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037dd36c7b23a7cdab949ce0bbdd15dc6962c96638c6da41ecdfeb6db74fe400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 886
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 037D 0
747 B 100ms
100ms Script
text/html 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:33 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1d5710e3-5215-470e-b9c1-bb6df3ec9d51
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 man_names_300_logo.png
s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/ Frame 8EE6 2 KB
2 KB 20ms
20ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/man_names_300_logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8742eb0bd710587edec894c84e82c8372ef6b8040c3081c8aa230024e107fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/760597265565128165/mandiant_names_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:22:11 GMT
x-content-type-options: nosniff
age: 82
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1624
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 14:36:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 15:22:11 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame D9DE 70 B
264 B 45ms
41ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9DE
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D
date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame D9DE 170 B
188 B 30ms
27ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9DE
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjY4ODY4NzA3MDU1MTMwNjIzOTkwNw%3D%3D
date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame D9DE 0
228 B 207ms
203ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=2688687070551306239907&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7E019C9C72884C5EA5D6CCB0662E010F Ref B: FRAEDGE0918 Ref C: 2022-04-04T15:23:33Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1bYlTqFVW8lR4jhUHA==

GET
H2

200

xuid
eb2.3lift.com/ Frame D9DE
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/2688687070551306239907?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-99wLG0lE2oQvJXqvnglXGpNhW2yJsiuclNjS7_Mrlg--~A&dongle=0883

37 B
354 B

20ms
20ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-99wLG0lE2oQvJXqvnglXGpNhW2yJsiuclNjS7_Mrlg--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Mon, 04 Apr 2022 15:23:33 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-99wLG0lE2oQvJXqvnglXGpNhW2yJsiuclNjS7_Mrlg--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame D9DE 43 B
220 B 518ms
18ms Image
image/gif 3.122.58.191
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=2688687070551306239907&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.58.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-58-191.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:34 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 c.gif
c.bing.com/ Frame D9DE 42 B
593 B 88ms
44ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=2688687070551306239907&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
etag: "8120eaf0ff3ad81:0"
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96742804A05946A09B5657EAA120828C Ref B: FRAEDGE1320 Ref C: 2022-04-04T15:23:33Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame D9DE
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2688687070551306239907
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2688687070551306239907&dcc=t

0
0

229ms
114ms

Image
text/html

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2688687070551306239907&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Server: 209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 25W960CN0EFD7JWSDGJZ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2688687070551306239907&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame D9DE
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

18ms
17ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 69A5 42 B
64 B 55ms
54ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvH8Q1l8b1GcjrJ7kz48TDU-6M-ceKrydLZbMz8YjC3V4V8U9lLVQufOdV716W86Cha9rrBr18iSLetlKf-I3B3oLYY3aS_pLgNVQ&sai=AMfl-YQIykx2tlvyrdcNDPviEkgDOFlJRs7bw7gdNHM1UPnqFR--BjqOHIVEUHeVCgMx50Ht0bg4ynDNpNrubKQIcPjd7gE1nw4AjuudJrkU6a_3Sw3qiODoqE0KL04&sig=Cg0ArKJSzHsqvIvNUOaSEAE&cid=CAASJORo2FIzl4o_MR7vOwEOPhnm0S_DMHOCJvPhuamMdjtqNMxbXQ&id=lidar2&mcvt=1000&p=8,436,102,1164&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=4166723991&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649085811024&rpt=1879&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C8AE 42 B
64 B 57ms
56ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv1TChqMFVMYmie4jCdSuqOdgvZAxsgUBaz1u6uLXY-dKKbRVgcfMh4cgzsJf2g9O9k8fqQunh4VfXv2tCHg4cSKPzFV67skuwT5g&sai=AMfl-YTUC8bvTmMCkWMmLBlX_av4HRdDxMwdaWWGOGSNFm5XleCSCB2V_bY9AzxZDgu-lR8MhdUI_JPbkhqUi806XOY8xdxm318wLt8Kxc2MYdUVEpfjwKWwhqVdcIY&sig=Cg0ArKJSzEV5UWiODXOmEAE&cid=CAASJORoH_D-AVm3-lMEVFXjguhBCUzQ31Op7v_EJUUO1D6gWwUPNw&id=lidar2&mcvt=1002&p=256,1082,510,1382&mtos=0,1002,1002,1002,1002&tos=0,1002,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=1414505084&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649085811049&rpt=1874&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 915A 32 KB
10 KB 18ms
17ms Script
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b7781f6fa62c80c336671d895754a77ce8d0f5e9fe30e0b1f40d08c66261408b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=20376
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9541
Expires: Mon, 04 Apr 2022 21:03:10 GMT

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 4328 4 KB
2 KB 125ms
37ms Document
text/html 34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 442e04d29e831cccad0690c929d9c3bd176d17319a91be696a134aad5341b723

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 04 Apr 2022 15:23:34 GMT
etag: W/"0126e54fb985c4087056649d5d0cbe55a"
server: nginx
timing-allow-origin: *

GET
H2 204 ps
pixel.33across.com/ Frame DBD6 0
0 378ms
125ms Document
text/plain 67.202.105.21
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip21.67-202-105.static.steadfastdns.net
Software: 33XP001 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
server: 33XP001
x-33x-status: 2000208

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 4B38 2 KB
814 B 22ms
18ms Document
text/html 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 61A7 731 B
981 B 306ms
28ms Document
text/html 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: f78a2306382111c023adb75e9f54aa7a5ac504b55851fb36038a3193e107c7fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-length: 731
content-type: text/html
date: Mon, 04 Apr 2022 15:23:34 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame 0E4B 1 KB
3 KB 31ms
31ms Document
text/html 23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e208ef089c772279edf49733f265b4781ce4cbbfc83a8e6ce797b7b36aee146f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 1488
Content-Type: text/html
Date: Mon, 04 Apr 2022 15:23:34 GMT
Dropped-Udsids: 39|230|241|73|152|81|65|64
Expires: Mon, 04 Apr 2022 15:23:34 GMT
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache
Vary: Is-Traffic-Usersync

GET
H2

200

sync
ads.servenobid.com/ Frame C205
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=6514661878502015300

0
344 B

39ms
39ms

Image
image/avif

79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=6514661878502015300
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 06ed7ab2-05c7-4fd0-bf76-7e8e0031ea9b
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=6514661878502015300
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C205
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=0df219cae5e4fef18b8d9d71

0
347 B

39ms
39ms

Image
image/avif

79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=0df219cae5e4fef18b8d9d71
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=0df219cae5e4fef18b8d9d71
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1sea1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame C205 0
277 B 166ms
164ms Image
text/plain 63.251.14.14
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 04 Apr 2022 15:23:34 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2 502 rmpssp
sync.1rx.io/usersync2/ Frame C205 0
0 85ms
24ms Image
text/html 213.19.147.44
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.44 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2

200

sync
ads.servenobid.com/ Frame C205
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=1789512435564511565

0
344 B

40ms
39ms

Image
image/avif

79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=1789512435564511565
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=1789512435564511565
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame C205 0
474 B 115ms
23ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame C205
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=6317f8ea-5e59-44f3-aeee-0d12d3cb3af6&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

40ms
39ms

Image
image/avif

79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=6317f8ea-5e59-44f3-aeee-0d12d3cb3af6&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=6317f8ea-5e59-44f3-aeee-0d12d3cb3af6&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame C205
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ads.servenobid.com/sync?pid=337&uid=y-v35Ej1xE2uGW7DM0QxSfCOl9FKU.jDYzIXXQYq4-~A

0
369 B

40ms
39ms

Image
image/avif

79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-v35Ej1xE2uGW7DM0QxSfCOl9FKU.jDYzIXXQYq4-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-v35Ej1xE2uGW7DM0QxSfCOl9FKU.jDYzIXXQYq4-~A
date: Mon, 04 Apr 2022 15:23:34 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 um
cs.emxdgt.com/ Frame 2D82 0
0 151ms
20ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-length: 0
content-type: text/html
date: Mon, 04 Apr 2022 15:23:34 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame B82E
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

281 B
554 B

17ms
17ms

Document
text/html

104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:34 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 04 Apr 2022 15:23:34 GMT
location: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
server: AkamaiGHost

GET
H/1.1 200
OK uc.html Show response
go.sonobi.com/ Frame A900 43 B
579 B 94ms
22ms Document
text/html 178.162.133.148
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sonobi.com/uc.html?pubid=e55fb5d7c2

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.148 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, private
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 04 Apr 2022 15:23:34 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Server: sonobi-go
Tcn: Choice
Transfer-Encoding: chunked
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-128
X-Xss-Protection: 0

GET
H2 200 cm Show response
gift-connect-d.openx.net/w/1.0/ Frame B24F 0
83 B 59ms
33ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 04 Apr 2022 15:23:34 GMT
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6C3F 15 KB
6 KB 36ms
34ms Document
text/html 2.20.85.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-85-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=37972
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:34 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 01:56:26 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 4EB3
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=6514661878502015300

0
44 B

218ms
97ms

Image
text/plain

134.209.131.220
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=6514661878502015300
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 134.209.131.220 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ec13d7aa-22a2-4142-89d4-c139a4c4e963
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=6514661878502015300
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 4EB3
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksNct4UTVn3MBHk14kPKAAA%261184

0
44 B

268ms
97ms

Image
text/plain

134.209.131.220
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksNct4UTVn3MBHk14kPKAAA%261184
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 134.209.131.220 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksNct4UTVn3MBHk14kPKAAA%261184
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 282
Expires: Mon, 04 Apr 2022 15:23:34 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 4EB3 0
277 B 289ms
165ms Image
text/plain 63.251.14.14
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 04 Apr 2022 15:23:34 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 4EB3 0
474 B 94ms
23ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 4EB3
Redirect Chain

https://pixel.advertising.com/ups/56621/occ
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c

0
44 B

244ms
97ms

Image
text/plain

134.209.131.220
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 134.209.131.220 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
content-length: 0

Redirect headers

location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c
date: Mon, 04 Apr 2022 15:23:34 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4EB3
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef

49 B
509 B

24ms
23ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

56939
i6.liadm.com/s/ Frame 4EB3
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef&_li_chk=true&previous_uuid=a735513126a34cdebe65cc3d3a77013b
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef

43 B
419 B

312ms
101ms

Image
image/gif

2600:1f18:444a:4680:5b76:7408:bdd4:1592
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

2600:1f18:444a:4680:5b76:7408:bdd4:1592 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:35 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef
Date: Mon, 04 Apr 2022 15:23:34 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 0E4B 70 B
264 B 42ms
39ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0E4B 170 B
188 B 29ms
27ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 0E4B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksNct4UTVn3MBHk14kPKAAABKAAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&dcc=t

43 B
645 B

116ms
113ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: M7M7NN0YFSPQMKGN7MFX
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: T33A2FBSXH8AER6NDF0T
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 YksNct4UTVn3MBHk14kPKAAABKAAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 0E4B 43 B
984 B 48ms
45ms Image
image/gif 2a05:d018:d29:3605:2e02:fe1c:9c40:529
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YksNct4UTVn3MBHk14kPKAAABKAAAAAB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:2e02:fe1c:9c40:529 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 0E4B
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=f8d37842-44f9-4de5-9988-24bb337c2c3f

43 B
1 KB

23ms
23ms

Image
image/gif

23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=f8d37842-44f9-4de5-9988-24bb337c2c3f
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 15:23:34 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=f8d37842-44f9-4de5-9988-24bb337c2c3f
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 132
Expires: Tue, 29 May 1984 15:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0E4B
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=Jzt31SFtdIc8OHPUJz9ugCBte9U8aHCGKTkGvejb

43 B
1 KB

23ms
23ms

Image
image/gif

23.35.228.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=Jzt31SFtdIc8OHPUJz9ugCBte9U8aHCGKTkGvejb
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 23.35.228.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 15:23:34 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=Jzt31SFtdIc8OHPUJz9ugCBte9U8aHCGKTkGvejb
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 0E4B
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1649172214&gdpr=1

43 B
315 B

212ms
88ms

Image
image/gif

2.20.85.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1649172214&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-85-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 04 Apr 2022 15:23:34 GMT

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1649172214&gdpr=1
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 0E4B 0
191 B 40ms
37ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 sync
ads.servenobid.com/ Frame 0E4B 0
356 B 42ms
39ms Image
image/avif 79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YksNct4UTVn3MBHk14kPKAAABKAAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 915A
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVjQwVzYtMUotR0ZBSw==

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVjQwVzYtMUotR0ZBSw==

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVjQwVzYtMUotR0ZBSw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 915A
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ix67ShiVSNyrLNmBCipA9g&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ix67ShiVSNyrLNmBCipA9g

43 B
556 B

44ms
44ms

Image
image/gif

52.94.220.185
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ix67ShiVSNyrLNmBCipA9g

Protocol

HTTP/1.1

Server

52.94.220.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: N7J5ZFTK6K6JBVAHTSS8
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ix67ShiVSNyrLNmBCipA9g
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 915A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=IwUx3lm8T22l_oNKgJ36HQ&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=IwUx3lm8T22l_oNKgJ36HQ

43 B
556 B

117ms
116ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=IwUx3lm8T22l_oNKgJ36HQ

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4AKWHBAD6D91BKBQH1ZJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=IwUx3lm8T22l_oNKgJ36HQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 915A
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KV40W6-1J-GFAK

0
142 B

216ms
215ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KV40W6-1J-GFAK
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 50A66993F1D44061B35F31658BECC020 Ref B: FRAEDGE0918 Ref C: 2022-04-04T15:23:34Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1bYsIExpEXf7XRp5Aw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KV40W6-1J-GFAK
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 915A 70 B
264 B 41ms
39ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 915A
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KV40W6-1J-GFAK&sigv=1&esig=2~aa44ccb19153c7c9be89c1d2f372fe98ef1f98a3

0
194 B

73ms
18ms

Image
text/plain

2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KV40W6-1J-GFAK&sigv=1&esig=2~aa44ccb19153c7c9be89c1d2f372fe98ef1f98a3

Protocol

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KV40W6-1J-GFAK&sigv=1&esig=2~aa44ccb19153c7c9be89c1d2f372fe98ef1f98a3
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 915A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEHUZ1hbN72gAKeuJaMHImE&google_cver=1

0
239 B

81ms
20ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEHUZ1hbN72gAKeuJaMHImE&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEHUZ1hbN72gAKeuJaMHImE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 915A 0
0 62ms
25ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=6514661878502015300

35 B
208 B

84ms
44ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=6514661878502015300
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e2b269be-4b25-4cb9-82ee-eabd7d47ce33
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=6514661878502015300
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1bea6735-db7d-4315-b350-f30157d5ad6a&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_1bea6735-db7d-4315-b350-f30157d5ad6a&gdpr=0&gdpr_consent=&us_privacy=1---
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=70&user_id=1610214913330412716&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=15890a4f-bb9f-4a45-aeff-f776621a0fce

35 B
208 B

44ms
43ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=15890a4f-bb9f-4a45-aeff-f776621a0fce
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=15890a4f-bb9f-4a45-aeff-f776621a0fce
Date: Mon, 04 Apr 2022 15:23:34 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

204

um
cs.emxdgt.com/ Frame 4328
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28hgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_1bea6735-db7d-4315-b350-f30157d5ad6a&obuid=ENC(hgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://cs.emxdgt.com/um?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Demx%26uid%3D%24UID%26obUid%3DhgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR...

0
45 B

29ms
28ms

Image
text/html

18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.emxdgt.com/um?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Demx%26uid%3D%24UID%26obUid%3DhgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0%0A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:35 GMT
content-length: 0
content-type: text/html

Redirect headers

Location: https://cs.emxdgt.com/um?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Demx%26uid%3D%24UID%26obUid%3DhgMJHrnitVluyEbAFYEj1epiaxRkuPiKRkR3Vf-fMg7vMz6uPo3y5iuuWY1mR5k0%0A
Date: Mon, 04 Apr 2022 15:23:35 GMT
X-TraceId: b4dee07b95aa1f9c88ab833f3526475c
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=98b8b8f7-086d-45ba-a76a-187a8465940b

35 B
208 B

152ms
74ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=98b8b8f7-086d-45ba-a76a-187a8465940b
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 04 Apr 2022 15:23:34 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=98b8b8f7-086d-45ba-a76a-187a8465940b
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-ba410093-0c40-4952-5006-10dbbeed70d7$ip$217.114.215.132

35 B
209 B

60ms
44ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-ba410093-0c40-4952-5006-10dbbeed70d7$ip$217.114.215.132
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-ba410093-0c40-4952-5006-10dbbeed70d7$ip$217.114.215.132
Date: Mon, 04 Apr 2022 15:23:34 GMT
Connection: keep-alive
Content-Length: 124
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-C3RWuT5E2pf_4_5pwwZyK64E3KlbFof7XE84~A

35 B
208 B

133ms
73ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-C3RWuT5E2pf_4_5pwwZyK64E3KlbFof7XE84~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 04 Apr 2022 15:23:34 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-C3RWuT5E2pf_4_5pwwZyK64E3KlbFof7XE84~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
https://rtb.gumgum.com/usersync?b=vnt&i=3163a4f0-b42b-11ec-9fec-dbd44b831426

35 B
208 B

45ms
44ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=3163a4f0-b42b-11ec-9fec-dbd44b831426
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=3163a4f0-b42b-11ec-9fec-dbd44b831426
Date: Mon, 04 Apr 2022 15:23:34 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 3163a4f1-b42b-11ec-9fec-dbd44b831426

GET
H2 204 services
sync.technoratimedia.com/ Frame 4328 0
293 B 374ms
115ms Image
text/plain 129.159.70.95
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 129.159.70.95 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 355638731
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 4328 0
44 B 345ms
111ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_1bea6735-db7d-4315-b350-f30157d5ad6a&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=uK08ugMwTq4CJva-tS_m&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25KLGA4HKZ2NO5KHCNCDJJ3GCLLUKNPW2JTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=uK08ugMwTq4CJva-tS_m&us_privacy=1---

35 B
208 B

44ms
44ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=uK08ugMwTq4CJva-tS_m&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=uK08ugMwTq4CJva-tS_m&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

usersync
usersync.gumgum.com/ Frame 4328
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=b5235344-2801-4be6-831c-ac1c698528b6

35 B
296 B

205ms
47ms

Image
image/gif

34.241.76.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=b5235344-2801-4be6-831c-ac1c698528b6
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:33 GMT
server: envoy
content-type: image/gif
cache-control: private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time: 5
x-region: ireland
content-length: 35
expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=b5235344-2801-4be6-831c-ac1c698528b6
date: Mon, 04 Apr 2022 15:23:34 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET

floor6
sync.1rx.io/usersync2/ Frame 4328
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1649085814362

0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4328
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=2GYb886yGFWr&ev=1&pid=558355

35 B
208 B

44ms
44ms

Image
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=2GYb886yGFWr&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://rtb.gumgum.com/usersync?b=pln&i=2GYb886yGFWr&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7597cd5c75-29gdj
expires: -1

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 4328 0
75 B 32ms
29ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 4328 0
358 B 50ms
45ms Image
image/avif 79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_1bea6735-db7d-4315-b350-f30157d5ad6a
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AB9C 42 B
64 B 52ms
51ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEamFmySZ3Ik92RBgU08KW4ATL_edQq-uC92fNuO7PtJJ1YCjKR1jFg9xLWPDHYBZ9ozdWaBMZeN-_rNLASr3NbZVHh3F6&sig=Cg0ArKJSzOBqDPrMuOdJEAE&id=lidar2&mcvt=1008&p=0,0,90,728&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=3037181502&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649085812794&rpt=478&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C305 42 B
64 B 52ms
52ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvRsqaOFIewsdleFk_hAdn-QKvgi7ZanpnTrOiXvFirSouH3xWo1DX_kVUfu5y3hYoBMwzCVZo-9PFMgSyV6Z3LT5v7jfX5&sig=Cg0ArKJSzG4c8_ix-yjTEAE&id=lidar2&mcvt=1009&p=0,0,250,300&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=2004672148&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649085812824&rpt=473&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B82E 32 KB
10 KB 21ms
19ms Script
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b7781f6fa62c80c336671d895754a77ce8d0f5e9fe30e0b1f40d08c66261408b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=20376
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9541
Expires: Mon, 04 Apr 2022 21:03:10 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 8452
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=3039624b-0d74-4700-b428-ff9fe7626b72&gdpr=0&gdpr_consent=

35 B
208 B

132ms
45ms

Document
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=3039624b-0d74-4700-b428-ff9fe7626b72&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 15:23:34 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Mon, 04 Apr 2022 15:23:34 GMT
Expires: Mon, 04 Apr 2022 15:23:33 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4320 2f2dfe5 master cdg-pixel-x9 config:1.0.0
location: https://rtb.gumgum.com/usersync?b=mmh&i=3039624b-0d74-4700-b428-ff9fe7626b72&gdpr=0&gdpr_consent=

GET
H/1.1

200
OK

usersync Show response
usersync.gumgum.com/ Frame 79E8
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=atm&i=YksNbwAAAK5spAP0&gdpr=0&gdpr_consent=

35 B
296 B

183ms
45ms

Document
image/gif

34.241.76.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=YksNbwAAAK5spAP0&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif
date: Mon, 04 Apr 2022 15:23:33 GMT
expires: 0
pragma: no-cache
server: envoy
x-envoy-upstream-service-time: 5
x-region: ireland

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Mon, 04 Apr 2022 15:23:34 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=YksNbwAAAK5spAP0&gdpr=0&gdpr_consent=
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn4057-HHN
x-timer: S1649085814.381850,VS0,VE0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame 82FB 170 B
188 B 29ms
27ms Document
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xYmVhNjczNS1kYjdkLTQzMTUtYjM1MC1mMzAxNTdkNWFkNmE=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 15:23:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3BD5 15 KB
6 KB 37ms
34ms Document
text/html 2.20.85.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-85-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=37972
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 15:23:34 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 01:56:26 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame EF20
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=6766d44e-e80f-4f86-93fa-4ff419910582&t=1651677814

35 B
208 B

147ms
73ms

Document
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=6766d44e-e80f-4f86-93fa-4ff419910582&t=1651677814
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 15:23:34 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

cache-control: private,no-cache, must-revalidate
content-length: 209
content-type: text/html
date: Mon, 04 Apr 2022 15:23:34 GMT
location: https://rtb.gumgum.com/usersync?b=ttd&i=6766d44e-e80f-4f86-93fa-4ff419910582&t=1651677814
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F4CF
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

16ms
16ms

Document
text/html

104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 15:23:34 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 04 Apr 2022 15:23:34 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H/1.1

200
OK

usersync Show response
usersync.gumgum.com/ Frame D60D
Redirect Chain

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
https://cs.emxdgt.com/umcheck?apnxid=6514661878502015300&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
https://usersync.gumgum.com/usersync?b=emx&uid=6514661878502015300brt18711649085814339617f1

35 B
296 B

141ms
41ms

Document
image/gif

34.241.76.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=emx&uid=6514661878502015300brt18711649085814339617f1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif
date: Mon, 04 Apr 2022 15:23:33 GMT
expires: 0
pragma: no-cache
server: envoy
x-envoy-upstream-service-time: 0
x-region: ireland

Redirect headers

content-length: 0
content-type: text/html
date: Mon, 04 Apr 2022 15:23:34 GMT
location: https://usersync.gumgum.com/usersync?b=emx&uid=6514661878502015300brt18711649085814339617f1

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 895C
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YksNdsCo5tAAAMJwevEAAAAA

35 B
208 B

45ms
44ms

Document
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YksNdsCo5tAAAMJwevEAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 15:23:35 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Mon, 04 Apr 2022 15:23:34 GMT
Location: https://rtb.gumgum.com/usersync?b=sus&i=YksNdsCo5tAAAMJwevEAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 3
X-SO-Cluster-ID: 38
X-SO-HostName: m-ad151.dc4p.scaleout.jp
X-SO-IP: 217.114.215.132
X-SO-Key: YksNdsCo5tAAAMJwevEAAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":38,"gdpr":true,"ipv4":"0.0.0.0","key":"YksNdsCo5tAAAMJwevEAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad151"}
X-SO-LB-Hostname: a-tgng40012.dc2p.scaleout.jp
X-SO-Upstream-ID: m-ad151

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 5072
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=E9H03ZLi7ugWcW0gJcGL&pi=gumgum&tc=1

35 B
208 B

59ms
45ms

Document
image/gif

52.17.2.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=E9H03ZLi7ugWcW0gJcGL&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.2.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-2-116.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 15:23:34 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Mon, 04 Apr 2022 15:23:34 GMT Mon, 04 Apr 2022 15:23:34 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=E9H03ZLi7ugWcW0gJcGL&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F4CF 32 KB
10 KB 18ms
18ms Script
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b7781f6fa62c80c336671d895754a77ce8d0f5e9fe30e0b1f40d08c66261408b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 15:23:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=20376
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9541
Expires: Mon, 04 Apr 2022 21:03:10 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame B82E 0
239 B 490ms
109ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=L1KV40W6-1J-GFAK
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4f2e9ddc15e6cc2c3861f8e2683d2514
Content-Type: image/gif

GET
H2 200 sync
ads.servenobid.com/ Frame 61A7 0
343 B 43ms
38ms Image
image/avif 79.125.2.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=6022361112205237142&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 79.125.2.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-79-125-2-154.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 61A7
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=6766d44e-e80f-4f86-93fa-4ff419910582&gdpr=1&gdpr_consent=

43 B
163 B

80ms
27ms

Image
image/gif

185.86.139.115
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=6766d44e-e80f-4f86-93fa-4ff419910582&gdpr=1&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=6766d44e-e80f-4f86-93fa-4ff419910582&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 299

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 61A7
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6514661878502015300&gdpr=0&gdpr_consent=

43 B
408 B

82ms
28ms

Image
image/gif

185.86.139.115
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6514661878502015300&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9cce8125-2cea-431e-8c18-2bb247b234d4
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6514661878502015300&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 61A7
Redirect Chain

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1649085814529
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT

43 B
163 B

49ms
27ms

Image
image/gif

185.86.139.115
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:33 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 61A7
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USE...
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=6022361112205237142&gdpr=0&gdpr_consent=

43 B
932 B

117ms
117ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=6022361112205237142&gdpr=0&gdpr_consent=

Requested by

Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: PA465JZ0K7693RB5PQBS
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=6022361112205237142&gdpr=0&gdpr_consent=
pragma: no-cache
date: Mon, 04 Apr 2022 15:23:34 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

POST
H/1.1 200
OK st Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame FAC5 0
315 B 109ms
109ms XHR
application/x-protobuf 3.14.222.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/st?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.14.222.76 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-14-222-76.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 15:23:34 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame F4CF 0
239 B 21ms
21ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L1KV40W6-1J-GFAK
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 037D 0
747 B 104ms
103ms Script
text/html 185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 15:23:34 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 088b7456-cfb5-467e-8fc4-11b661003b3b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
492 B 57ms
57ms XHR
text/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.62.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-62-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 15:23:38 GMT
via: 1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: BMEQ266EXZ0MRJNN18G9
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: h-Y5UoJIBT0xOUZPNZ0sOKxGzFmO8YWyWFQN2h7ejaJqMOSQk_t__g==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/adreq?cb=10832

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksNct4UTVn3MBHk14kPKAAA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDNlYWNmNGQtZTkwZi0yMzQ4LWQ1ZjEtNTIyZTg2ZDc1YjJk

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N7171.3054164TW_ORGANIC/B27119434.326276386;dc_ver=85.248;dc_eid=40004000;sz=728x90;u_sd=1;gdpr=0;dc_adk=3037181502;ord=xhg51e;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ2xNcA1LYoLAK9DugAfQt7zwCo3TqLRp6q_FpsoPv87z_QgQASD5m_GEAWCV4qaCsAfIAQmoAwGqBJgCT9BGSceuREMVWcwQxYcpenxyIUDC__EvH-MFc98Cb6zA7dOefx5gjBtyrFt0-Jd2orNvIJNOnefKaCfbvvVQiWZHj9jyEYqw_XjAy4tFrXQHzAxc9LR6jiEyyX60ghhnp-6ddFutHrkBEDp8LFXXo8YvrIrYdI5TnNroXns_o6R_n5esyfQjIBUlihO7lTw5OXfqPRco0mUIjxiEwiHkhecF8q5JCTx0xtgGw-GbdBNTmYdGVQ5kAgtosyNGBRNJR4l7akNPRJVHF8HH4lEc-z4oKygGm6SFN11l73xUTzg5E-984Romvx7cfaytXplAakB8TcHP_Qqh0CQ-CTUADQYSGDfb2XDviGW8eko2uadbn_CUZtcDaMAE5Oi8uo0E4AQDkAYBoAZNgAegzvb6AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiIYRABGB2ACgOYCwHICwGADAGwE7iu4Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoFvgNbJcoxvsfsAoUoIjVl3Dd7I-hmomqxElX-VcMLspX01JcbQ%26sig%3DAOD64_1f1njkMJ8_CdhANxZovO9Gft20wA%26client%3Dca-pub-4113681882311455%26dbm_c%3DAKAmf-Bb04MlEHYS2AzS-5upnHE7hgCqARHH3Di9GqTH9OPOH-gxDPhwOa8hn2v1LFTmguyFbOTgEda0s-plogMC4NucvvJ_Giy2mYgkc7ntZoS1gw2EblBKkFzNkiuz1KGMRLtc9TF-xsWrAObbjufv_914blFSJw%26cry%3D1%26dbm_d%3DAKAmf-DF-z3fMs-deO4gm4pjceRzoDkQzggITd-lnDvX78OyQtrpD18DAbKxJmfVCXL9EwgiUENvjOJp0bD60TA5szobPKAwH44_S7SIu7L20mUDFmMH5oNCLmB4oXjAlzh-zvUdKg3VbpBHY1DSZhcbv8WHByLg8Z-RuKISX-k_UY6cQc7BDuTfwkPV9cgTi66NypTF5LejFyXC1hAKFXTcUg3JHf5zfUEfTAD3Ik_hDW1rWgZcdzK0QfcRWYqS1AIAdY9ZQRN4rahCSBEKUklhIN0ggdrlW_VVPzT_qZITsrdpG8tv09EzMeajKGt_b9WKggezU9c-aMHITsSKMvIEeH17S2sR-1TZJjjU4BLHe9fQu-jCDk0vXQyn0DVHmPsYKGltIKkCTrTyf-SQzMb4Xzm4zz_Ir2-9AU-x2NW1wOT6wzc4tOdANh1FkN4AuvJw4OAvhbsRoOvdpv35A1rfmCFHmwWIxI1GufibVvwurO-0y-vYNNxsrloTTH1GlfvarrXxq0pvzB6suQxzJyp4Gx2WZUDggJbeON5lq7oqieU3LRS3yE4%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fthreatpost.com%2F$0;xdt=1;crlt=8g4DImoWCr;gcsr=m;sttr=102;prcl=s

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9

Domain: um.wbtrk.net
URL: https://um.wbtrk.net/doubleclick/user/match?google_gid=CAESEL3bsXsr4bZCgtrHvG3nnQI&google_cver=1&google_push=AYg5qPLOSAMGKtnekkzVnSWUztmto1yrNnPXhxt2zdAwwJAKIFmqvy7BTFaRJUQutPPEnT1xBLp9Np_VnMq8Cuprw7ncVr6rA59A

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig

Domain: ads.avads.net
URL: https://ads.avads.net/sync/ggl?google_gid=CAESELuKv_sr6LN9-hQqW4Xy8-A&google_cver=1&google_push=AYg5qPKtngWZIqOUtkT9e_RAFh0mVmyDezW8lzq9XgH_00CWry4rmrb4dWF0f-AVF1oJeFSbZrKbG5NpqeSrNl4-Tz7sZ6eXKU6N

Domain: sync.inmobi.com
URL: https://sync.inmobi.com/gob?google_gid=CAESELzQTW8ExOXHVCPjLUdPSv0&google_cver=1&google_push=AYg5qPIH4fFAPDDsSNRnfjGV59yhbpQkUOReJ4pGRhBaTiN4oZ16oVEJ53oLvrhecpKM9jwpJyUtp0QVRbHtKjsYnxjyXsMokAoukA

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1649085814362

Verdicts & Comments Add Verdict or Comment

424 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

120 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 04:14:21	Name: sync Value: CgoIoQEQ16iyqf8vCgoIgQIQ16iyqf8vCgoI4gEQ16iyqf8vCgoI5gEQ16iyqf8vCgoIhwIQ16iyqf8vCgkICRDXqLKp_y8KCQg6ENeosqn_LwoJCAsQ16iyqf8vCgoIjAIQ16iyqf8vCgkIXxDXqLKp_y8=
i.liadm.com/s	1970-01-20 02:47:57	Name: _li_ss Value: MgkI_____wcQ_BE
.threatpost.com/	1970-01-20 02:04:47	Name: _cs_mk Value: 0.79949758806652_1649085807360
.demdex.net/	1970-01-20 06:23:57	Name: demdex Value: 60126495426056198183468076719881961345
.threatpost.com/	1969-12-31 23:59:59	Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg Value: 1
.threatpost.com/	1970-01-20 02:06:12	Name: _gid Value: GA1.2.140132761.1649085808
.threatpost.com/	1970-01-20 02:04:45	Name: _gat_UA-35676203-21 Value: 1
.everesttech.net/	1970-01-20 10:50:21	Name: everest_g_v2 Value: g_surferid~YksNbwAAAK5spAP0
.dpm.demdex.net/	1970-01-20 06:23:57	Name: dpm Value: 60126495426056198183468076719881961345
.adnxs.com/	1970-01-20 04:14:21	Name: icu Value: ChgIzLJhEAoYASABKAEw75qskgY4AUABSAEQ75qskgYYAA..
.adnxs.com/	1970-01-20 04:14:21	Name: uuid2 Value: 6514661878502015300
.rubiconproject.com/	1970-01-20 10:50:21	Name: khaos Value: L1KV40W6-1J-GFAK
.rubiconproject.com/	1970-01-20 10:50:21	Name: audit Value: 1\|hLZGFuTafB03tU6JsKMbdszzH/SUMvpGs1wMD2ZZQDIcPxm3GZEWzBRYRrVfmsM2azGDAnZkjgciW6Q58jarRAvAG15loFpV9ffqWu8FjBY=
e.serverbid.com/	1970-01-20 10:50:21	Name: azk Value: ue1-sb1-859639ea-eeac-4fdf-adab-ad9aacf957ef
.twitter.com/	1970-01-20 19:35:57	Name: personalization_id Value: "v1_uZ5OVllPqdxLBgznscfd4A=="
.t.co/	1970-01-20 19:35:57	Name: muc_ads Value: f02f60dc-0390-4cc6-a136-659f66fed07a
.threatpost.com/	1970-01-20 19:37:24	Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19087%7CMCMID%7C67137029763871488484502456997303030235%7CMCAAMLH-1649690607%7C6%7CMCAAMB-1649690607%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1649093007s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19094%7CvVersion%7C4.4.0
.quantserve.com/	1970-01-20 11:35:00	Name: mc Value: 624b0d70-10c66-71d8b-a3180
threatpost.com/	1970-01-20 02:47:57	Name: _pbjs_userid_consent_data Value: 6683316680106290
.threatpost.com/	1970-01-20 06:23:57	Name: _pubcid Value: bc2923de-89ff-421b-9ac7-c07f2812a6b0
.threatpost.com/	1970-01-20 11:29:14	Name: __qca Value: P0-396542707-1649085808038
.openx.net/	1970-01-20 10:50:21	Name: i Value: bc2923de-89ff-421b-9ac7-c07f2812a6b0\|1649085808
.threatpost.com/	1970-01-20 02:04:45	Name: _gat_UA-63997723-2 Value: 1
threatpost.com/	1970-01-21 02:04:45	Name: CookieConsent Value: {stamp:1510405861=='\|Cnecessary:true\|Cpreferences:true\|Cstatistics:true\|Cmarketing:true\|Cver:1\|Cutc:410478640\|Cregion:'not_gdpr'}
prebid.a-mo.net/	1970-01-20 10:50:21	Name: __amc Value: 2_1649085807_1649085808
threatpost.com/	1970-01-20 10:50:21	Name: usprivacy Value: 1---
.threatpost.com/	1970-01-20 04:14:21	Name: _gcl_au Value: 1.1.923006472.1649085809
.threatpost.com/	1970-01-20 19:35:57	Name: _ga_YP1JLG57CH Value: GS1.1.1649085808.1.0.1649085808.0
.threatpost.com/	1970-01-20 19:35:57	Name: _ga Value: GA1.1.1480618513.1649085808
.linkedin.com/	1970-01-20 02:47:57	Name: UserMatchHistory Value: AQJp-WDs5cOUqgAAAX_1LIAO6wcCztCEPCpqh4Oc__WRUyaIoGLkS2JCgfw7kphQl8rWFU_rRbiLow
.linkedin.com/	1970-01-20 02:47:57	Name: AnalyticsSyncHistory Value: AQLce_PQ72GXnAAAAX_1LIAOGpdQPUcjvUV19Y2vi00fXO-ZKjFV_asYJ5FjHtSIMJat-JeUs3oRynQ-TPj7kA
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:36:39	Name: bcookie Value: "v=2&644ffc6a-2042-4c30-8492-903964241d81"
.linkedin.com/	1970-01-20 02:06:12	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2228:u=1:x=1:i=1649085808:t=1649172208:v=2:sig=AQGfylZjyQSWe6HS6eLA5oprSDBRSW6P"
.threatpost.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:36:39	Name: bscookie Value: "v=1&202204041523287e18e369-b32c-4076-8a7f-bd5331299770AQHICcmHX07vfMdapdt2clU0UQr4FRs3"
.linkedin.com/	1970-01-20 19:27:43	Name: li_gc Value: MTswOzE2NDkwODU4MDg7MjswMjEe5RTv6f7+ieSbFrL9qaHl/ZBPTX4zGtQyX8fbsUmZRQ==
.doubleclick.net/	1970-01-20 11:26:21	Name: IDE Value: AHWqTUneK7bIUkozgUc3hYMPkWM4MaWuW0tL9vHzrusByy0D1Mqy8Ax667oOMXCqVy0
.casalemedia.com/	1970-01-20 04:14:21	Name: CMPS Value: 3193
.casalemedia.com/	1970-01-20 10:50:21	Name: CMID Value: YksNct4UTVn3MBHk14kPKAAA
.adnxs.com/	1970-01-20 04:14:21	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilaqb!5U!]tbPl1M>e)ZlrFUfJ+tGXxoTReXymKAgUCN$%7_Ka5Q@E>DRj_K@EDGJ9?]3If)y3KL9D3I?+g5b$9n
.casalemedia.com/	1970-01-20 04:14:21	Name: CMPRO Value: 1184
.threatpost.com/	1970-01-20 11:26:21	Name: __gads Value: ID=37d2fa86691c1002:T=1649085808:S=ALNI_MbbeTjLAlHmApdlQb37VLn_2PODWw
.openx.net/	1970-01-20 02:26:21	Name: pd Value: v2\|1649085812\|gekin0vNiygu
.advertising.com/	1970-01-20 10:51:48	Name: APID Value: UP301e2d0f-b42b-11ec-8de4-0254f87e0f0c
.yahoo.com/	1970-01-20 10:50:43	Name: A3 Value: d=AQABBHQNS2ICELcdfIqEL0Dknuw91emW_bQFEgEBAQFeTGJUYgAAAAAA_eMAAA&S=AQAAAiQ5ugdGp2amx3Rf4aaJRDY
.spotxchange.com/	1970-01-20 10:50:25	Name: audience Value: 30246e75-b42b-11ec-9926-10ffbde80206
ads.stickyadstv.com/	1970-01-20 02:47:57	Name: UID Value: d63f995c618fda5d324a93489a4b3725
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 93d1527c4ea96975b6652eb60e146
.adform.net/	1970-01-20 02:47:57	Name: C Value: 1
ads.stickyadstv.com/	1970-01-20 03:31:09	Name: uid-bp-159 Value: CAESEBjn2XVVVGKDIijCYLfWxVo
.adform.net/	1970-01-20 03:31:09	Name: uid Value: 1610214913330412716
.fwmrm.net/	1970-01-20 06:23:57	Name: _uid Value: "pc023_7082769630838436178"
.mathtag.com/	1970-01-20 11:30:41	Name: uuid Value: 3039624b-0d74-4700-b428-ff9fe7626b72
.threatpost.com/	1970-01-20 11:26:21	Name: cto_bundle Value: Xg6Yk19yRVhqNXpCdjVxaVBpbFpaQ3JiSXg0c2FEdUpiME9MYlZrJTJGRlFucnczZTQ3eDAwblJZT21aUnpSM213NmRJJTJCczloNDQwa0tSaHZMVmwxYSUyQmE3V3pxZ3A3QkJCU2xyJTJCc1Y1bVdIU00wYjRnY2dSQU1qWXU3JTJGemRIdyUyQnBvRiUyQmNW
.threatpost.com/	1970-01-20 11:26:21	Name: cto_bidid Value: rjnzal96TVBKTWk1MWdDV2cxYkdIaExjNXJZYkslMkJVelQ2JTJGQnBUbzdoRUZIUU92eHQzeVZQUGxkOUl1bERRYllDeFVNTmhYQ240NHFmQnNJODFXZEVJSkg2TGclM0QlM0Q
.adfarm1.adition.com/	1970-01-20 04:14:21	Name: UserID1 Value: 7082769630863947916
ads.stickyadstv.com/	1970-01-20 03:31:09	Name: uid-bp-36033 Value: pc023_7082769630838436178
ads.stickyadstv.com/	1970-01-20 03:31:09	Name: MRM_UID Value: pc023_7082769630838436178
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjS3sDQ1NDIxNjU1MzE1NDQ1MxXiM9Q1TM6PSjdPDEoy9AsBABoennIlAAAA
.rfihub.com/	1970-01-20 11:26:21	Name: rud Value: H4sIAAAAAAAAAOMSNjS3sDQ1NDIxNjU1MzE1NDQ1MxXiM9Q1TM6PSjdPDEoy9AuR4jU0M7E0sDC1MDSyNDMEAAfVJJk0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA12dS7IC3d3Mi0stPRMzzEwSsp2Mkr3cwUAtGYDZh4AAAA
.adsrvr.org/	1970-01-20 10:50:21	Name: TDID Value: 6766d44e-e80f-4f86-93fa-4ff419910582
.doubleclick.net/	1970-01-20 02:04:49	Name: DSID Value: NO_DATA
.ctnsnet.com/	1970-01-20 10:50:21	Name: cid_6862d849b8ae436a89c60c6e463cfd06 Value: 1
.mts.ru/	1970-01-20 10:37:24	Name: dspid Value: fd127087-8aa9-48e2-b0e8-22a1e52d992e
.360yield.com/	1970-01-20 04:14:21	Name: tuuid Value: b5235344-2801-4be6-831c-ac1c698528b6
.360yield.com/	1970-01-20 04:14:21	Name: tuuid_lu Value: 1649085813
ads.stickyadstv.com/	1970-01-20 03:31:09	Name: uid-bp-892 Value: 6766d44e-e80f-4f86-93fa-4ff419910582
.tribalfusion.com/	1970-01-20 04:14:21	Name: ANON_ID Value: aInseFqkaHbBykt9ZbxaSjibG3QRewZdyevwNqaRyHW05h7u5cfBADs3Zd8f6pZdxuJPuwPO28VXZaX29fs3d6bJv
.mts.ru/	1970-01-23 16:28:45	Name: mts_id Value: a450996b-2117-48e4-9f14-e363d913fe09
.mts.ru/	1970-01-23 16:28:45	Name: mts_id_last_sync Value: 1649085813
sync.srv.stackadapt.com/	1970-01-20 10:50:21	Name: sa-user-id Value: s%3A0-ba410093-0c40-4952-5006-10dbbeed70d7.m8Kxs%2F80Z2NIOJr6RZhAkXnutpO1Z1RGHj0pIthvkEA
.srv.stackadapt.com/	1970-01-20 10:50:21	Name: sa-user-id-v2 Value: s%3AukEAkwxASVJQBhDbvu1w19ly14Q.7LaCnhCiAR0jhboNZeeq5U72oTNYVt2kONe%2B2DJm2JE
.bidr.io/	1970-01-20 11:33:19	Name: bito Value: AADQjU7ElhsAADW9ogSpdQ
.bidr.io/	1970-01-20 11:33:19	Name: bitoIsSecure Value: ok
ads.stickyadstv.com/	1970-01-20 02:47:57	Name: uid-bp-26913 Value: AADQjU7ElhsAADW9ogSpdQ
.3lift.com/	1970-01-20 04:14:21	Name: tluid Value: 2688687070551306239907
ads.stickyadstv.com/	1970-01-20 02:47:57	Name: uid-bp-717 Value: y-G.k8dvRE2oMGb3s0w1HKWHQ8A5qYOwBIOvxOVTkl~A
.w55c.net/	1970-01-20 11:33:33	Name: wfivefivec Value: TNComNIS1NBoyh5
.bing.com/	1970-01-20 11:26:21	Name: MUID Value: 3D958A011AD36B7F11EC9B7D1B016A45
.w55c.net/	1970-01-20 02:47:57	Name: matchfreewheel Value: 5
ads.stickyadstv.com/	1970-01-20 03:31:09	Name: uid-bp-23329 Value: TNComNIS1NBoyh5
.casalemedia.com/	1970-01-20 02:06:12	Name: CMST Value: YksNcmJLDXYA
.servenobid.com/	1970-01-20 02:14:50	Name: pid_337 Value: y-v35Ej1xE2uGW7DM0QxSfCOl9FKU.jDYzIXXQYq4-~A
.quantserve.com/	1970-01-20 04:14:21	Name: d Value: EEQBFgHpJYEPisMK67gQ
.analytics.yahoo.com/	1970-01-20 10:50:21	Name: IDSYNC Value: "1762~2453:18wq~2453:18yx~2453:196n~2453:17ot~2453"
.rfihub.com/	1970-01-20 11:26:21	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA12dS7IC3d3Mi0stPRMzzEwSsp2Mkr3cw3iNTQzsTSwMLUwNLI0M3zFiMI3OiWO4JsYmRoBALxXdkRNAAAA
.servenobid.com/	1970-01-20 02:14:50	Name: pid_333 Value: YksNct4UTVn3MBHk14kPKAAABKAAAAAB
.a-mo.net/	1970-01-20 10:50:21	Name: amuid2 Value: 6317f8ea-5e59-44f3-aeee-0d12d3cb3af6
.gumgum.com/	1970-01-20 10:50:21	Name: vst Value: e_1bea6735-db7d-4315-b350-f30157d5ad6a
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5G Value: s56128\|YksNe
.servenobid.com/	1970-01-20 02:14:50	Name: pid_324 Value: 1789512435564511565
.servenobid.com/	1970-01-20 02:14:50	Name: pid_327 Value: 6317f8ea-5e59-44f3-aeee-0d12d3cb3af6
.emxdgt.com/	1970-01-20 02:47:57	Name: euid Value: 18711649085814339617f1
.servenobid.com/	1970-01-20 02:14:50	Name: pid_309 Value: e_1bea6735-db7d-4315-b350-f30157d5ad6a
.servenobid.com/	1970-01-20 02:14:50	Name: pid_312 Value: 6514661878502015300
.bidswitch.net/	1970-01-20 10:50:21	Name: tuuid Value: 15890a4f-bb9f-4a45-aeff-f776621a0fce
.bidswitch.net/	1970-01-20 10:50:21	Name: c Value: 1649085814
.bidswitch.net/	1970-01-20 10:50:21	Name: tuuid_lu Value: 1649085814
.creativecdn.com/	1970-01-20 10:50:21	Name: u Value: E9H03ZLi7ugWcW0gJcGL
.creativecdn.com/	1970-01-20 10:50:21	Name: ts Value: 1649085814
.emxdgt.com/	1970-01-20 02:47:57	Name: eapn_id Value: 6514661878502015300
.smartadserver.com/	1970-01-20 11:35:00	Name: pid Value: 6022361112205237142
.zemanta.com/	1970-01-20 10:50:21	Name: zuid Value: uK08ugMwTq4CJva-tS_m
.servenobid.com/	1970-01-20 02:14:50	Name: pid_317 Value: 6022361112205237142
.adsrvr.org/	1970-01-20 10:50:21	Name: TDCPM Value: CAEYASABKAIyCwj-xKWJupbLOhAFOAFaDnNtYXJ0LWFkc2VydmVyYAI.
.amazon-adsystem.com/	1970-01-22 00:00:55	Name: ad-privacy Value: 0
.smartadserver.com/	1970-01-20 11:35:00	Name: csync Value: 86:6514661878502015300
.lijit.com/	1970-01-20 10:50:21	Name: ljt_reader Value: 0df219cae5e4fef18b8d9d71
.casalemedia.com/	1970-01-20 10:50:21	Name: CMRUM3 Value: f1624b0d7605a0&40624b0d7605a0&2d624b0d722760&27624b0d760b40&49624b0d7605a0&98624b0d762760f8d37842-44f9-4de5-9988-24bb337c2c3f&41624b0d7605a0&e6624b0d762760&51624b0d762760Jzt31SFtdIc8OHPUJz9ugCBte9U8aHCGKTkGvejb
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 22ed77b396f3e85a
.technoratimedia.com/	1970-01-21 21:52:45	Name: tads_uid Value: GDPR
.outbrain.com/	1970-01-20 04:14:21	Name: obuid Value: be723a24-c214-4d61-9b5d-8da7b8f2634f
.amazon-adsystem.com/	1970-01-20 08:36:26	Name: ad-id Value: A08i3GLDyUt1sxdgMsro65I
.ipredictive.com/	1970-01-20 10:50:21	Name: cu Value: 3163a4f0-b42b-11ec-9fec-dbd44b831426\|1649085814685
.lijit.com/	1970-01-20 10:50:21	Name: _ljtrtb_273657 Value: 273657
.servenobid.com/	1970-01-20 02:14:50	Name: pid_310 Value: 0df219cae5e4fef18b8d9d71
.liadm.com/	1970-01-20 19:35:57	Name: lidid Value: a7355131-26a3-4cde-be65-cc3d3a77013b

26 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_gid=CAESEFjkvGfbgY-IoY230gun_ig&google_cver=1&google_push=AYg5qPIfFTziByOSwvTFvDdJT68kZT9pP8WrqEiemy76MfVTJj6UjvcKMcg4S0ciyxQ3VWpX8_Lku5iZlRJEwSTgkzYMsPqAExc Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=tSNTRCgBS-aDHKwcaYUotg&google_push=AYg5qPJ9B7Zpv4yEly-RqVLprWL_4UmI-J7Oz_SeshWJ9o123DSHuKrNhNZ1L5yuimJhcegsWnN7iVs1AkNeOY3Jtcr8yGLXInk9 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksNct4UTVn3MBHk14kPKAAABKAAAAAB&google_push=AYg5qPJfVcORVVnsql0PQX8sYkjRZQDRXpom5JYfDer9GleXIFsJSvCddYbHJETAanXnzQg7I12RnHEJoVPZZmEe7hdjFCLZO9ZS&google_cver=1&google_gid=CAESEFjkvGfbgY-IoY230gun_ig Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D Message: Failed to load resource: the server responded with a status of 502 ()
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1f2e7.v.fwmrm.net
451daedf90a855d34971a630bdaefb94.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
a.rfihub.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.doubleclick.net
ads.avads.net
ads.pubmatic.com
ads.servenobid.com
ads.stickyadstv.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
casale-match.dotomi.com
cc.adingo.jp
cd.connatix.com
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.adgrx.com
cm.everesttech.net
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
creativecdn.com
cs.chocolateplatform.com
cs.emxdgt.com
dclk-match.dotomi.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
g2.gumgum.com
gcm.ctnsnet.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
imasdk.googleapis.com
img.connatix.com
ins.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
math-aids-threatpost-tagan.adlightning.com
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partners.tremorhub.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rules.quantcount.com
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
sm.rtb.mts.ru
snap.licdn.com
ssbsync.smartadserver.com
ssp.adriver.ru
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.extend.tv
sync.go.sonobi.com
sync.inmobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.search.spotxchange.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.teads.tv
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tech.rtb.mts.ru
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.wbtrk.net
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
ad.doubleclick.net
ads.avads.net
ads.servenobid.com
cm.g.doubleclick.net
pagead2.googlesyndication.com
sync.1rx.io
sync.inmobi.com
um.wbtrk.net
104.244.42.131
104.244.42.5
104.89.20.125
104.89.31.187
104.89.42.102
129.159.70.95
13.107.42.14
13.115.149.166
13.248.245.213
13.36.218.177
134.209.129.254
134.209.131.220
142.250.181.226
142.250.185.226
142.250.185.230
142.250.186.66
145.40.89.200
15.197.193.217
151.101.129.108
151.101.130.137
151.101.2.137
151.101.66.49
154.54.250.49
159.203.145.121
169.197.150.7
178.162.133.148
178.162.133.149
178.250.0.157
18.157.232.7
18.184.26.136
18.195.155.181
18.196.121.26
18.235.91.242
185.184.8.90
185.29.134.244
185.33.221.91
185.33.223.38
185.64.189.112
185.85.15.31
185.86.139.115
185.86.139.93
185.94.180.125
193.0.160.128
198.148.27.140
199.232.136.157
2.18.234.233
2.20.85.164
2.20.85.92
202.241.208.54
205.185.216.42
209.54.180.144
213.19.147.43
213.19.147.44
213.87.44.187
217.66.147.164
23.32.59.34
23.35.228.247
23.35.233.56
2600:1f18:444a:4680:5b76:7408:bdd4:1592
2600:1f18:612b:4216:99f2:7ef8:5bca:944d
2600:9000:2057:1200:2:9275:3d40:93a1
2600:9000:206f:b800:6:44e3:f8c0:93a1
2600:9000:21f3:da00:0:5c46:4f40:93a1
2602:803:c004:200::140
2606:4700:20::681a:9a9
2606:4700:3031::6815:456d
2606:4700::6810:7eaf
2606:4700::6812:272
2606:4700::6812:d05
2620:116:800d:21:fcb8:22d2:d390:5f1b
2620:1ec:21::14
2620:1ec:bdf::44
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:808::200a
2a00:1450:4001:808::200e
2a00:1450:4001:80e::200a
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:400c:c01::9c
2a02:2638::1c
2a02:26f0:3500:7::17d8:4dc9
2a02:26f0:ef::5c7b:c2a1
2a02:fa8:8806:20::2040
2a05:d018:d29:3605:2e02:fe1c:9c40:529
3.122.208.3
3.122.58.191
3.126.56.137
3.14.222.76
34.232.92.67
34.241.76.6
34.248.191.66
34.248.76.8
35.173.160.135
35.186.193.173
35.244.159.8
35.244.174.68
37.157.4.28
46.105.202.126
51.195.5.40
51.75.86.98
52.17.2.116
52.213.21.147
52.28.203.152
52.71.178.197
52.94.220.185
54.154.15.255
54.155.65.255
54.194.228.85
54.84.59.198
63.251.14.14
63.34.46.247
64.140.160.2
64.74.236.31
65.9.62.173
65.9.66.117
65.9.66.69
66.155.71.150
67.202.105.21
69.173.144.138
69.173.144.139
69.173.151.100
70.42.32.31
72.251.232.228
79.125.2.154
81.222.128.215
85.114.159.93
96.16.141.156
01cf2b2ba01cfd3c1be27c8da811054c4adbe2af875a5bc2aeabb304a9b7972d
029dfc35f37b961c2f49e3d1165c656f92dab5c52721891257f99ad67a69fd6e
02f9d93789c1c6eb90e5a580da466fb57aa49759c8a2caac2a945744eb66f60f
037dd36c7b23a7cdab949ce0bbdd15dc6962c96638c6da41ecdfeb6db74fe400
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
0480e99ef32d730897e546bbd434dd634eeb6ca4bb79b47d3c09f5b26c22c073
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
05a8c9fcf4de3fce82d6c670ece5dba2ef3b2e2d700f5a114107f3fee44dcf49
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
085f299301d3258baf25d3cdaf1ff539b13a00169b765b1c8abaabc5fe353d2b
09c83d88c4cf129848d0022e19abf1920c99a0512d3e5b818c60a66cb68fb764
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
171d552ced7daf557a3bcb4cd294ed6c71d50417062128b318495bbb00078a03
176570d8ab47dab888bec2f9014db7ac8a979f78281a44dd1e8a80a3a4d45e2e
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
17c36e9523e8b97999649b89a0f8480d574d7a1fe1dd4f3d8fe841e5649cd0c5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a125096dce20357e3049f8166f66af69a0e57f5f802696000ab095613703e8f
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b48c43b818236ec743b95a9188a77284e7e4dccd91d58d64ca044488647bf7d
2c469a897d1eee15915927ef811838f80ba761e8219154de620fc4e638dd5cc3
2d81a5cbabc401e26f9796b2d542a96518680646804cf45b744ff15f7d04a741
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f9ff07c1365531108b5f2cf03ffa0cc9c95e116e34228c04601584090381aa8
31330c5a5574b4c0c22dd5852c22b66f253faf0181f9a2686e26990e11993e6c
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21
369c67a5afb2ffa25d4480b3781a938e7fe7c5633f89d36570e2c1cc23c49eff
3788f6d78d3779c5cb9799b5a5194c8e4f56de10b3c7cc962dd4ff56a006c076
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
38c6190408c68bd61af02cd3aa31e2ac3461f4af4b1f91d991a6b93e073f8c76
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3b9d39edb2591de65a095117689dd79effa44a7cf3e0a594d01c978b2f05d00e
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d6ac6672cf649dfef31809888f605403ef9c8bcca4afe58f524dfe2c1a0faa3
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40b972a48b99b2f07e7c5462d75f0b2c9e65f70d110e807ff46e8bb9a22f5c57
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
442e04d29e831cccad0690c929d9c3bd176d17319a91be696a134aad5341b723
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
463187e6623e8c2bada952641a689f60c637e92fb2727e83b35318a7d3e2ab14
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
480a52724fb3cb5ff84d11dc6e298c35e0c118d56662e6393d20c02b030ebfb8
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c564de3356352b7ab96436dde08f74a9a97262e6041f59ab6bcdb3e8ee9171
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4d94a0f51bade076fa154e469f12563fcee377fd94d79ca6d080d231e0e8b1d1
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
4ed257b6a66a4f688863fc524916553700aac538de647baddffcc27b10403dcb
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
52cac1193a3683e35353723a38e01a9bcc0c5f9bf2be42d29c96905527c7923d
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55f56026d86468db4135723445d1df3498809ce536fa7a518b2847d7e6a27a96
56e21c0b93290490c1b1bcd3c541dc358b4f5bb43b24d954dc075e82fe48dcaf
57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0
583930898275cde93516bd1fe38ac6c7e03c2cd95d63ff087b95f4a5ec26db6f
590bd102c53da3b756f9f8c590dde6983d070ad9ccbdd8900e8503692e6cb2dc
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5acdc1f4922888ced2af3577fd5bde7ea69a95e465eae69a3f62c65cd1abedef
5c0f884d82f6d3a7bf887f9be1c661a4ae8814baee671971390c774e2e492dbc
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
659a16a868127e3d1a8464ab4989bf7b70368c56c80bf46caea3bf7b0147f033
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68cc26362c0cc4baa161311ed8f92a440624b120f844cecef402a4c7f94bf39d
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6ab252c8b2e19890361a35f5e81a8ed4c19ae6add6878d844ee08952d22ff450
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b982d6e086f55ba0d055165418341ec19a8ed922ed63326cc6e25b156271fcd
6be067b7743a9176f3e4a9c65ed07e43e72dad23e127b5ffde1caa4d84b0b0f6
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
755c9fc29f92242ec74a963de3c01f5ccc4eb97f5254d64c64a0e8e7d54c8d1c
75749bcc96610e4e7a84996bacc0496fb9a6a39540f17685594348d7a3971f1c
762fbd0ed8d039b77a774a8f040600d6c1d9c9a23fb5bee6015c2b5729f75fe1
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7c7c702463dc6941f4d9749347a5ea4dbe32bf7f97488272681d40c4068fd557
7d01c79518ec7aa4d8f9edc39a5535df85d418029deda2bc4e555b295d939049
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
814b138dca87e7cd9e819cd883468e9927702abe51065a9f95c09409b3f3dbd1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83acf5a563525cb07d2525242b01c943cfdf33e88bbc07a822260a01107c130a
84bd5c5ee263222372ea62269eb1814c32b3a241bd37fcb5d6b7c5584590c8ee
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
85b25a6edcc9b07991470245715aefe2ed0dadd8b72acbd873a3c81ed1ab9149
89a370ec5e14151929119f741332c04f59c96b4c511a9f5ea4472f1707d16b37
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89d538c36cf602eba0a7634d92b4ba8fe05a79bbd7c2721f490bcf993ba3ebf6
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ad716d4a479f84be58f7e2f4b725950c205e0f22f353be89cfc8e1e6fc07e13
8ccda7f7ccdafbd9a5875d1b3372b38ff6dcc6de393cd99e1834ac18e5fabaaf
8d5938a91cc56334ad31696d108fda4f631da0f8fba7589a7d9a1bc1ee91dc9b
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417
8e36ade1e2725c86985ac1387988cdb6e5476ed30393890055c6d18f518dfb9d
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fb4a4f4521a94032afdb851a8612f898a1e8a40705d06df03ddfa932d3ca274
9151903cf1fcdcfd19720c440d6673f56d6cc5c6806f2aea26fbc654f95cb903
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
94706947fc97a408c79e7ce545dbe0915dacdc1a0e94944e83f68862c866aeab
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99d75855bd913a43cbe2485a1a57a6ff3b30f27e93c24aa03a50d6e3bc90253d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c2cd57fc33e43d8a3b951095eee1988fbe9ade5603046cff11a378f7460d85e
9c4ec1cb9472a75fd57990b7823fc13fd069e3b926ae5c9aed78cac65f943166
9e89048f0456e3b02cedb7cf76410b3576a32bad0f1cc024640f01e1339b3a71
9fc2e3c5c08c80a2e9d0c4dd44492a4938a6a7da0665c2e15f41472cff60e8ec
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d01991879875adad900b371a341342baf6deca280896fb406ad48360caa6e1
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a14ba71f9395672c003d0245f1baa9873636299552b7edab1c25a1c9bd7694ed
a184671c97c60a8bc92aa2950c751217f5a3be42ebf19333ea3b566aab3612e7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a2494ba238dc52ba44ec629445988a7b4e595a8795f6f79f6d3d5b4f91f6c850
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a42c2a6356b0c9ce958723f2253a958ea49926c876d51eb6017afe3ffa459d94
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8b859c337ba140cd427e7018d90d06c09eeea5b94659ce387d7df29edcf836f
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
a9d82b1f790c96b18b50fe7eff489a57f644cd60a4c12adeac385dcb8dd23bb2
aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535
aa71287395c21792215380546956b9250d13e83e6337207b57637e557ce1e6ad
aac2dd9f70c9c52e69e9b3751581824c3e5376a404563ba2f350aaab6ee43c91
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
abfb1f15c2cb3df79d00d5c685c6840b8f5c91ecebb41650eacb4611aeff6071
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acb1e3d8b8d6ad15775258df31190c5b390c2e954004969e8d8e629971e36a6c
ad466bf5bd3260297c0582435e86872bec1ea288884d96aecb461d53025fb69b
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
aeb4476ed7fb51c861603882be58248c659a8765c6cd9170c8304df68fc3b0ee
af0604469e47b50e494a840868c655f755b5da5116874cd4bd9bb26b9bdbb245
afde443c0e71ebed5be4869cf9f6bee4cbb8a864130f6738c7f2228a675f088d
b0c35bcc511183abbaf158b20f6f4a85a54cf4353b4df88163dc9425d97e4ca6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ed25b06e9dc8a8fdf322a31ec753509f7f53a97907cb5048444d0c25361820
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b6e3cf334d6180897d5c94ca6da8f819944b286a00a06904cc1527053a3f5eca
b7781f6fa62c80c336671d895754a77ce8d0f5e9fe30e0b1f40d08c66261408b
b7927c45da6f16a94e5463c3c5e980e3182c80e834541b5a4a70374948d06663
b8e352006cc3bc3c7c2206316ef5ecc3a319959d6b6a3b4da9702afd1dff10de
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bdfd60b477fc3a53026309cc91965dae061323c4a99562dabdd08831147528b2
bfb48a9884ea1ce7b47da60b4a99b5a8eec9d1007be88eb938c0c62198fef1e8
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3970f8ab86dce74caf210c248b24920cd504608043efaa14256cc016666da6e
c63cd86699646244db347b2746e3a3fde58f17d7d6189f4c054cc9a648ecd202
c8742eb0bd710587edec894c84e82c8372ef6b8040c3081c8aa230024e107fee
c885d2a7e4dcce408a2016d99033cf485700d0c17a8a9c7070376b80bf408d80
c8b7aa14f73e2f279bb0901f1938820a56594b04aa6898d12362486ab58cd4e0
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
c9377b8af573396ce123e5b2721d3dd004abdaf9b5d590a6f83bc645326350e1
ca38cd9407ae288717edd25a803756b478d9b40481ad7148155f0931abe49840
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ce14c0afa6c9a2db0b2abcd223acda784bdead49ed4d5949d1985e69b20e160e
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d40a2cf12ea21acda522d8dc8ab7129f169a6d23ff557b10ac40bb865fea0fd7
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d58198a3d9dcac61549b296427023797e40de39b3b3bf0105ed7bb96202a9018
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d7b77231b46dc7c7249d85e788540c2f7bb585ae43a167c0320c86dd6f7983a0
d8bd1954d35c36441c577e571af12e327da0115465a35f85bca7f6976ad49dda
dd85d36e65e3602aea07ead6d94b8fbe2ed5bbe3473f0fb1512f54ab359e8b03
ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfcd4bd02a71994b7f5d7df2ce2bcaeb7266a9e901555dc82af84e700e0f05e5
dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e208ef089c772279edf49733f265b4781ce4cbbfc83a8e6ce797b7b36aee146f
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e34f3c96e1eae99e2fc8b8f0c8f608bf3d8822872bf36246c4360a024a8527d5
e36e52f2dea526e013e72de047c397cb01506cae0394f2365a365ed549508cb9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e88135bd901d05162fb708390be2c2cfd3c5d279418faf5fb99e77ead81cd9bb
e895df88a898c42d0a462314157b881f614bf4c66bed9fd4113c980b5fdb020d
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e998d70d54146b70fbd8882efdd0682978dbc337f03a6e22367cb97aadf9e573
ea4feec0041895844cfcde210c65f7f6ac292458e5b412f7f0d5ef01792bea21
eb3c904f3fe6bdcb1bc5f5955cf0681c7b54d31acdb6015c6a39928805cdbadf
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efc1f6c6bfaa91b75a02c46b21fb9f62b860663e54ee63a46d35cea3d75a9633
effb8cfbba4b5f42d4f41c2520b3c1e28a8ccd0b9176423a56d57046f2d50238
f0e1ec797405914aa02b0dc7f1530b5fe6c9a8e7a6b76d34dee37a051db04e59
f20700868112cc667cdc2609b5ef9421a542d9c393aa8321517d7e18fdc471ac
f3526a0dfc8a25fe1f7a46a9a4beb8cd19b90cf877c97ab14edaf728ad134434
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f56272ce9e4b643808c03656845ec7b3f3b17fcd5633420b1912874751b8fe9e
f57b665fd1cf39f583765bbe2ab26050ea2fe934808ca9477804de22bff02222
f5eea1c9406e22225635f46d7ddde71a450b2337a7cd0b25ff834aef95734258
f78a2306382111c023adb75e9f54aa7a5ac504b55851fb36038a3193e107c7fb
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fc13d99478d069c058c37d39f160adebe866ccb682702f4ea8cad462cf54040c
fda93a9ac28a125c30b9e09dd90d5a12093089ceb697a1a157c3905f44d66490
ffccd2a23cfd8028df1154bca2f74d09337660b524c84263f35699af2c88a828

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

581 Requests

83 %HTTPS

26 %IPv6

97 Domains

162 Subdomains

108 IPs

12 Countries

7126 kBTransfer

17243 kBSize

120 Cookies

20 Outgoing links

Redirected requests

581 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

581
Requests

83 %
HTTPS

26 %
IPv6

97
Domains

162
Subdomains

108
IPs

12
Countries

7126 kB
Transfer

17243 kB
Size

120
Cookies

581 HTTP transactions
-1 data transactions