urlscan.io logo urlscan.io
SecurityTrails logo

threatpost.com Open in urlscan Pro
35.173.160.135  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/i7rzaa85jI
Effective URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Submission: On March 22 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 118 IPs in 8 countries across 93 domains to perform 485 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 152275.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.
This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 104.244.42.5 13414 (TWITTER)
1 1 67.199.248.10 396982 (GOOGLE-CL...)
34 35.173.160.135 14618 (AMAZON-AES)
9 18.66.139.84 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700:303... 13335 (CLOUDFLAR...)
13 2600:9000:225... 16509 (AMAZON-02)
10 2600:9000:249... 16509 (AMAZON-02)
9 2a00:1450:400... 15169 (GOOGLE)
1 185.85.15.31 200107 (KL-EXT)
5 18.66.109.174 16509 (AMAZON-02)
1 9 151.101.194.137 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
13 142.250.181.226 15169 (GOOGLE)
1 104.111.219.144 16625 (AKAMAI-AS)
1 46.105.202.126 16276 (OVH)
3 52.213.251.128 16509 (AMAZON-02)
7 151.101.130.137 54113 (FASTLY)
9 3.132.161.168 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
2 51.195.5.232 16276 (OVH)
6 2a00:1450:400... 15169 (GOOGLE)
3 6 2620:116:800d... 16509 (AMAZON-02)
1 199.232.136.157 54113 (FASTLY)
1 54.171.186.191 16509 (AMAZON-02)
2 15.188.95.229 16509 (AMAZON-02)
1 1 34.248.191.66 16509 (AMAZON-02)
4 2602:803:c004... 26667 (RUBICONPR...)
3 12 37.252.173.27 29990 (ASN-APPNEX)
3 185.64.189.112 62713 (AS-PUBMATIC)
3 52.29.1.115 16509 (AMAZON-02)
1 19 34.98.64.218 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
9 52.215.175.9 16509 (AMAZON-02)
1 3.124.87.92 16509 (AMAZON-02)
3 18.156.195.47 16509 (AMAZON-02)
5 213.19.147.42 3356 (LEVEL3)
1 4 216.52.2.39 29791 (VOXEL-DOT...)
3 23.37.38.181 16625 (AKAMAI-AS)
1 3 145.40.89.200 54825 (PACKET)
2 7 134.209.129.254 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
31 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:249... 16509 (AMAZON-02)
1 104.244.42.131 13414 (TWITTER)
2 2a00:1450:400... 15169 (GOOGLE)
1 64.140.160.2 18450 (WEBNX)
2 2a00:1450:400... 15169 (GOOGLE)
1 18.195.249.59 16509 (AMAZON-02)
2 3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:fb:... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.43.14 8068 (MICROSOFT...)
1 2 142.250.185.230 15169 (GOOGLE)
13 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
1 5 185.29.132.242 30419 (MEDIAMATH...)
1 2602:803:c004... 26667 (RUBICONPR...)
1 138.201.63.165 24940 (HETZNER-AS)
1 2.18.233.201 16625 (AKAMAI-AS)
1 4 88.99.165.19 24940 (HETZNER-AS)
2 10 23.37.42.132 16625 (AKAMAI-AS)
1 2600:1901:0:7... 15169 (GOOGLE)
13 2606:4700:20:... 13335 (CLOUDFLAR...)
4 37.157.3.28 198622 (ADFORM)
1 1 108.128.215.255 16509 (AMAZON-02)
5 25 142.250.185.130 15169 (GOOGLE)
2 4 35.244.174.68 15169 (GOOGLE)
3 35.227.252.103 15169 (GOOGLE)
4 4 192.82.242.209 62713 (AS-PUBMATIC)
4 6 69.173.144.165 26667 (RUBICONPR...)
15 37.157.2.249 198622 (ADFORM)
1 2a02:2638:1::2 44788 (ASN-CRITE...)
1 2a02:2638:1::4 44788 (ASN-CRITE...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 18.195.201.245 16509 (AMAZON-02)
7 2a02:2638:1::3 44788 (ASN-CRITE...)
1 178.250.2.148 44788 (ASN-CRITE...)
3 178.250.2.135 44788 (ASN-CRITE...)
2 178.250.0.162 44788 (ASN-CRITE...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
2 3 52.95.126.160 16509 (AMAZON-02)
3 3 69.173.144.138 26667 (RUBICONPR...)
4 7 209.54.180.3 16509 (AMAZON-02)
5 10 52.223.40.198 16509 (AMAZON-02)
1 85.114.131.234 24961 (MYLOC-AS ...)
4 4 84.200.5.215 31400 (ACCELERAT...)
1 78.46.85.162 24940 (HETZNER-AS)
1 46.4.41.145 24940 (HETZNER-AS)
1 104.111.239.217 16625 (AKAMAI-AS)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
5 104.108.144.214 16625 (AKAMAI-AS)
3 10 104.108.145.8 16625 (AKAMAI-AS)
3 104.108.144.200 16625 (AKAMAI-AS)
5 8 3.126.56.137 16509 (AMAZON-02)
2 2 151.101.2.49 54113 (FASTLY)
5 5 18.184.26.136 16509 (AMAZON-02)
3 3 185.29.134.244 30419 (MEDIAMATH...)
4 4 37.157.6.246 198622 (ADFORM)
1 1 165.227.252.242 14061 (DIGITALOC...)
1 205.185.216.42 20446 (STACKPATH...)
3 6 13.248.245.213 16509 (AMAZON-02)
1 2620:1ec:48::44 8068 (MICROSOFT...)
2 3 2a05:d018:d29... 16509 (AMAZON-02)
2 2 18.159.83.65 16509 (AMAZON-02)
5 6 18.184.198.122 16509 (AMAZON-02)
2 2 54.87.192.123 ()
1 52.49.96.153 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
3 3 70.42.32.159 22075 (AS-OUTBRAIN)
1 34.250.158.219 16509 (AMAZON-02)
2 67.202.105.24 ()
1 51.89.9.251 16276 (OVH)
2 185.86.137.121 201081 (SMARTADSE...)
1 1 216.52.2.19 30282 (AS-INAPCD...)
1 1 193.0.160.128 54312 (ROCKETFUEL)
3 178.162.133.149 60781 (LEASEWEB-...)
1 1 185.183.112.148 60350 (VP)
1 1 79.125.50.68 ()
1 3 185.86.139.114 201081 (SMARTADSE...)
1 164.132.158.126 16276 (OVH)
8 8 213.19.147.44 26120 (RHYTHMONE)
1 1 37.252.172.45 ()
1 14 34.242.212.194 ()
3 4 64.202.112.63 ()
1 1 54.159.94.231 ()
1 150.136.156.92 ()
1 38.91.45.7 ()
1 1 104.90.192.27 ()
2 2 54.72.57.179 ()
2 54.216.63.116 ()
1 1 74.214.196.131 ()
2 18.195.155.181 ()
1 1 124.146.215.50 ()
2 2 185.184.8.65 204995 (RTB-HOUSE...)
1 178.162.133.148 ()
2 2 54.234.50.35 ()
1 52.200.175.154 ()
1 69.173.151.100 ()
485 118
2    104.244.42.5 (United States)

ASN13414 (TWITTER, US)
t.co
1    67.199.248.10 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly
bit.ly
34    35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com
threatpost.com
kasperskycontenthub.com
9    18.66.139.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-84.fra60.r.cloudfront.net
tagan.adlightning.com
6    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
7    2606:4700:3031::6815:456d (United States)

ASN13335 (CLOUDFLARENET, US)
qd.admetricspro.com
13    2600:9000:2250:f600:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.threatpost.com
10    2600:9000:2490:9000:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)
media.threatpost.com
9    2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)
media.kaspersky.com
5    18.66.109.174 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-109-174.fra56.r.cloudfront.net
c.amazon-adsystem.com
9    151.101.194.137 (United States)

ASN54113 (FASTLY, US)
cd.connatix.com
cds.connatix.com
capi.connatix.com
img.connatix.com
5    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
13    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
securepubads.g.doubleclick.net
partner.googleadservices.com
1    104.111.219.144 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-219-144.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    46.105.202.126 (France)

ASN16276 (OVH, FR)
cdn.id5-sync.com
3    52.213.251.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-251-128.eu-west-1.compute.amazonaws.com
dpm.demdex.net
7    151.101.130.137 (United States)

ASN54113 (FASTLY, US)
lit.connatix.com
vid.connatix.com
9    3.132.161.168 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-132-161-168.us-east-2.compute.amazonaws.com
capi-tier-2-us-east-2.connatix.com
4    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
2    2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
2    51.195.5.232 (France)

ASN16276 (OVH, FR)
PTR: p15.id5-sync.com
id5-sync.com
6    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
6    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
cms.quantserve.com
1    199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    54.171.186.191 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-186-191.eu-west-1.compute.amazonaws.com
kaspersky.demdex.net
2    15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
kaspersky.d3.sc.omtrdc.net
1    34.248.191.66 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-191-66.eu-west-1.compute.amazonaws.com
cm.everesttech.net
4    2602:803:c004:200::143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
12    37.252.173.27 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
3    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
3    52.29.1.115 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
19    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
teachingaids-d.openx.net
u.openx.net
eu-u.openx.net
us-u.openx.net
gift-connect-d.openx.net
1    2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
9    52.215.175.9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
ads.servenobid.com
1    3.124.87.92 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-87-92.eu-central-1.compute.amazonaws.com
tlx.3lift.com
3    18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
5    213.19.147.42 (United Kingdom)

ASN3356 (LEVEL3, US)
tag.1rx.io
4    216.52.2.39 (United States)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
3    23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
3    145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)
prebid.a-mo.net
7    134.209.129.254 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
1    2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
31    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2600:9000:2491:c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    104.244.42.131 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
2    2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com
geo.ipify.org
2    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    18.195.249.59 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-249-59.eu-central-1.compute.amazonaws.com
ads.adaptv.advertising.com
3    2606:4700::6810:7aaf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
1    2a02:26f0:fb::5f65:58e0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
4    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com
5    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.43.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    142.250.185.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net
9582686.fls.doubleclick.net
13    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
8    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
googleads.g.doubleclick.net
5    185.29.132.242 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
tags.mathtag.com
1    2602:803:c004:200::153 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
beacon-fra2.rubiconproject.com
1    138.201.63.165 (Reilingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.63.201.138.clients.your-server.de
hal9000.redintelligence.net
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
4    88.99.165.19 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.19.165.99.88.clients.your-server.de
hal900028.redintelligence.net
10    23.37.42.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
secure-assets.rubiconproject.com
1    2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
prod-rtb.ad4mat.net
13    2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)
as.ad4m.at
ad4m.at
assets.ad4m.at
4    37.157.3.28 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
1    108.128.215.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-215-255.eu-west-1.compute.amazonaws.com
pixel.everesttech.net
25    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
cm.g.doubleclick.net
4    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
3    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
4    192.82.242.209 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
6    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
15    37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
1    2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
rtb.nl.eu.criteo.com
1    2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
ads.eu.criteo.com
1    2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)
static-de.ad4mat.net
1    18.195.201.245 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-201-245.eu-central-1.compute.amazonaws.com
d.agkn.com
7    2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
cat.nl.eu.criteo.com
3    178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com
pix.eu.criteo.net
2    178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
csm.eu.criteo.net
2    2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)
ad4m.at
3    52.95.126.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
3    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
7    209.54.180.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
10    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
1    85.114.131.234 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21038.dus4.fastwebserver.de
cdn.contentspread.net
4    84.200.5.215 (Germany)

ASN31400 (ACCELERATED-IT, DE)
www.telefonica-partner.de
www.lead-alliance.net
1    78.46.85.162 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads1.sunbonet.de
partner.o2online.de
1    46.4.41.145 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads2.sunbonet.de
partner.blau.de
1    104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com
www.awin1.com
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
5    104.108.144.214 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-214.deploy.static.akamaitechnologies.com
ads.pubmatic.com
10    104.108.145.8 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-8.deploy.static.akamaitechnologies.com
js-sec.indexww.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
3    104.108.144.200 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-200.deploy.static.akamaitechnologies.com
acdn.adnxs.com
8    3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    151.101.2.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
5    18.184.26.136 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-26-136.eu-central-1.compute.amazonaws.com
pixel.advertising.com
3    185.29.134.244 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
4    37.157.6.246 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
1    165.227.252.242 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.serverbid.com
1    205.185.216.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    2620:1ec:48::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
public.servenobid.com
3    2a05:d018:d29:3605:a6cd:bbc5:ba08:db41 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
2    18.159.83.65 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-83-65.eu-central-1.compute.amazonaws.com
pm.w55c.net
6    18.184.198.122 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-198-122.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    54.87.192.123 (None, )

ASN- ()
sync.srv.stackadapt.com
1    52.49.96.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-96-153.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
3    70.42.32.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
1    34.250.158.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-158-219.eu-west-1.compute.amazonaws.com
g2.gumgum.com
2    67.202.105.24 (None, )

ASN- ()
pixel.33across.com
ssc-cms.33across.com
1    51.89.9.251 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu
onetag-sys.com
2    185.86.137.121 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
1    216.52.2.19 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ce.lijit.com
1    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
3    178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
1    185.183.112.148 (Paris, France)

ASN60350 (VP, FR)
sync.adotmob.com
1    79.125.50.68 (None, )

ASN- ()
d.adroll.com
3    185.86.139.114 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    164.132.158.126 (France)

ASN16276 (OVH, FR)
PTR: ip126.ip-164-132-158.eu
cookie-matching.mediarithmics.com
8    213.19.147.44 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
1    37.252.172.45 (None, )

ASN- ()
secure.adnxs.com
14    34.242.212.194 (None, )

ASN- ()
rtb.gumgum.com
4    64.202.112.63 (None, )

ASN- ()
sync.outbrain.com
1    54.159.94.231 (None, )

ASN- ()
sync.ipredictive.com
1    150.136.156.92 (None, )

ASN- ()
sync.technoratimedia.com
1    38.91.45.7 (None, )

ASN- ()
match.deepintent.com
1    104.90.192.27 (None, )

ASN- ()
stags.bluekai.com
2    54.72.57.179 (None, )

ASN- ()
ad.360yield.com
2    54.216.63.116 (None, )

ASN- ()
usersync.gumgum.com
1    74.214.196.131 (None, )

ASN- ()
bh.contextweb.com
2    18.195.155.181 (None, )

ASN- ()
cs.emxdgt.com
1    124.146.215.50 (None, )

ASN- ()
tg.socdm.com
2    185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net
creativecdn.com
1    178.162.133.148 (None, )

ASN- ()
go.sonobi.com
2    54.234.50.35 (None, )

ASN- ()
i.liadm.com
1    52.200.175.154 (None, )

ASN- ()
i6.liadm.com
1    69.173.151.100 (None, )

ASN- ()
pixel-us-east.rubiconproject.com
Apex Domain
Subdomains		 Transfer
55 threatpost.com
threatpost.com — Cisco Umbrella Rank: 152275
assets.threatpost.com — Cisco Umbrella Rank: 415104
media.threatpost.com — Cisco Umbrella Rank: 280247
2 MB
45 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 90
048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 122
486 KB
45 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159
stats.g.doubleclick.net — Cisco Umbrella Rank: 68
9582686.fls.doubleclick.net — Cisco Umbrella Rank: 289584
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
cm.g.doubleclick.net — Cisco Umbrella Rank: 176
211 KB
25 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 412
beacon-fra2.rubiconproject.com — Cisco Umbrella Rank: 14288
eus.rubiconproject.com — Cisco Umbrella Rank: 503
pixel.rubiconproject.com — Cisco Umbrella Rank: 289
token.rubiconproject.com — Cisco Umbrella Rank: 595
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 944
pixel-us-east.rubiconproject.com
52 KB
25 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 3021
cds.connatix.com — Cisco Umbrella Rank: 3082
capi.connatix.com — Cisco Umbrella Rank: 2633
lit.connatix.com — Cisco Umbrella Rank: 6531
capi-tier-2-us-east-2.connatix.com
vid.connatix.com — Cisco Umbrella Rank: 3623
img.connatix.com — Cisco Umbrella Rank: 3711
2 MB
23 adform.net
track.adform.net — Cisco Umbrella Rank: 3334
s1.adform.net — Cisco Umbrella Rank: 8028
c1.adform.net — Cisco Umbrella Rank: 524
178 KB
22 openx.net
teachingaids-d.openx.net — Cisco Umbrella Rank: 17237
rtb.openx.net — Cisco Umbrella Rank: 1359
u.openx.net — Cisco Umbrella Rank: 621
eu-u.openx.net — Cisco Umbrella Rank: 1751
us-u.openx.net — Cisco Umbrella Rank: 323
gift-connect-d.openx.net — Cisco Umbrella Rank: 11553
4 KB
17 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1487
rtb.gumgum.com
usersync.gumgum.com
5 KB
16 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 205
acdn.adnxs.com — Cisco Umbrella Rank: 523
secure.adnxs.com
62 KB
15 ad4m.at
as.ad4m.at — Cisco Umbrella Rank: 2174
ad4m.at — Cisco Umbrella Rank: 1742
assets.ad4m.at — Cisco Umbrella Rank: 32740
572 KB
15 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 275
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1352
s.amazon-adsystem.com — Cisco Umbrella Rank: 260
48 KB
14 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 682
ups.analytics.yahoo.com — Cisco Umbrella Rank: 268
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416
6 KB
13 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 57
5 KB
12 criteo.net
static.criteo.net — Cisco Umbrella Rank: 600
pix.eu.criteo.net — Cisco Umbrella Rank: 7328
csm.eu.criteo.net — Cisco Umbrella Rank: 7422
175 KB
12 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 417
image6.pubmatic.com — Cisco Umbrella Rank: 571
ads.pubmatic.com — Cisco Umbrella Rank: 419
32 KB
11 1rx.io
tag.1rx.io — Cisco Umbrella Rank: 1169
sync.1rx.io — Cisco Umbrella Rank: 491 Failed
4 KB
10 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 293
4 KB
10 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 409
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476
dsum-sec.casalemedia.com
11 KB
10 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1811
public.servenobid.com — Cisco Umbrella Rank: 3714
7 KB
9 mathtag.com
tags.mathtag.com — Cisco Umbrella Rank: 2892
pixel.mathtag.com — Cisco Umbrella Rank: 1093
sync.mathtag.com — Cisco Umbrella Rank: 384
5 KB
9 adlightning.com
tagan.adlightning.com — Cisco Umbrella Rank: 1314
205 KB
8 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 2774
sync.serverbid.com — Cisco Umbrella Rank: 5262
1 KB
7 criteo.com
rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11348
ads.eu.criteo.com — Cisco Umbrella Rank: 7435
cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9430
gum.criteo.com — Cisco Umbrella Rank: 347
mug.criteo.com — Cisco Umbrella Rank: 3185
44 KB
7 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 512
eb2.3lift.com — Cisco Umbrella Rank: 346
3 KB
7 admetricspro.com
qd.admetricspro.com — Cisco Umbrella Rank: 18070
325 KB
6 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 257
3 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 434
www.linkedin.com — Cisco Umbrella Rank: 609
px4.ads.linkedin.com — Cisco Umbrella Rank: 5153
4 KB
6 advertising.com
ads.adaptv.advertising.com — Cisco Umbrella Rank: 1091
pixel.advertising.com — Cisco Umbrella Rank: 307
2 KB
6 google.de
www.google.de — Cisco Umbrella Rank: 6433
adservice.google.de — Cisco Umbrella Rank: 8832
2 KB
6 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 839
pixel.quantserve.com — Cisco Umbrella Rank: 381
cms.quantserve.com — Cisco Umbrella Rank: 929
12 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
40 KB
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 147
207 KB
5 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1266
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 603
2 KB
5 redintelligence.net
hal9000.redintelligence.net — Cisco Umbrella Rank: 28803
hal900028.redintelligence.net — Cisco Umbrella Rank: 180551
8 KB
5 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 594
ce.lijit.com — Cisco Umbrella Rank: 734
2 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 54
380 KB
4 outbrain.com
sync.outbrain.com
1 KB
4 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 843
go.sonobi.com
2 KB
4 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 565
1 KB
4 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 878
pixel.everesttech.net — Cisco Umbrella Rank: 2828
sync-tm.everesttech.net — Cisco Umbrella Rank: 490
1 KB
4 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 399
700 KB
4 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 184
kaspersky.demdex.net — Cisco Umbrella Rank: 215069
5 KB
3 liadm.com
i.liadm.com
i6.liadm.com
1 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 528
2 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 604
5 KB
3 unpkg.com
unpkg.com — Cisco Umbrella Rank: 821
2 KB
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1055
830 B
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 989
337 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1689
mp.4dex.io — Cisco Umbrella Rank: 2262
24 KB
3 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1490
id5-sync.com — Cisco Umbrella Rank: 488
12 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 614
695 B
2 emxdgt.com
cs.emxdgt.com
2 360yield.com
ad.360yield.com
624 B
2 unrulymedia.com
sync.targeting.unrulymedia.com
969 B
2 33across.com
pixel.33across.com
ssc-cms.33across.com
2 stackadapt.com
sync.srv.stackadapt.com
1 KB
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 730
1 KB
2 lead-alliance.net
www.lead-alliance.net — Cisco Umbrella Rank: 46354
770 B
2 telefonica-partner.de
www.telefonica-partner.de — Cisco Umbrella Rank: 48610
573 B
2 ad4mat.net
prod-rtb.ad4mat.net — Cisco Umbrella Rank: 91678
static-de.ad4mat.net — Cisco Umbrella Rank: 128562
4 KB
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 716
344 B
2 omtrdc.net
kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 205395
561 B
2 gstatic.com
www.gstatic.com
283 KB
2 kasperskycontenthub.com
kasperskycontenthub.com — Cisco Umbrella Rank: 320047
1 KB
2 t.co
t.co — Cisco Umbrella Rank: 448
756 B
1 socdm.com
tg.socdm.com
693 B
1 contextweb.com
bh.contextweb.com
383 B
1 bluekai.com
stags.bluekai.com
1 KB
1 deepintent.com
match.deepintent.com
44 B
1 technoratimedia.com
sync.technoratimedia.com
293 B
1 ipredictive.com
sync.ipredictive.com
428 B
1 mediarithmics.com
cookie-matching.mediarithmics.com — Cisco Umbrella Rank: 1865
86 B
1 adroll.com
d.adroll.com
112 B
1 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 1385
307 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 631
755 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 797
814 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 193
594 B
1 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 462
430 B
1 digitaloceanspaces.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 6046
5 KB
1 awin1.com
www.awin1.com — Cisco Umbrella Rank: 13937
704 B
1 blau.de
partner.blau.de — Cisco Umbrella Rank: 58770
1 KB
1 o2online.de
partner.o2online.de — Cisco Umbrella Rank: 51158
2 KB
1 contentspread.net
cdn.contentspread.net — Cisco Umbrella Rank: 45661
1 KB
1 agkn.com
d.agkn.com — Cisco Umbrella Rank: 492
759 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 799
3 KB
1 ipify.org
geo.ipify.org — Cisco Umbrella Rank: 37428
599 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 464
459 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 792
345 B
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 246
17 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 531
6 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1623
17 KB
1 kaspersky.com
media.kaspersky.com — Cisco Umbrella Rank: 98638
48 KB
1 bit.ly
bit.ly — Cisco Umbrella Rank: 3926
329 B
485 93
Domain Requested by
32 threatpost.com t.co
threatpost.com
31 pagead2.googlesyndication.com srcdoc
threatpost.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
tagan.adlightning.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
25 cm.g.doubleclick.net 5 redirects googleads.g.doubleclick.net
threatpost.com
u.openx.net
eb2.3lift.com
ssum-sec.casalemedia.com
ssbsync.smartadserver.com
g2.gumgum.com
15 s1.adform.net track.adform.net
s1.adform.net
t.co
14 rtb.gumgum.com 1 redirects g2.gumgum.com
13 tpc.googlesyndication.com tagan.adlightning.com
googleads.g.doubleclick.net
13 assets.threatpost.com threatpost.com
assets.threatpost.com
12 ib.adnxs.com 3 redirects qd.admetricspro.com
cds.connatix.com
acdn.adnxs.com
11 securepubads.g.doubleclick.net tagan.adlightning.com
www.googletagservices.com
securepubads.g.doubleclick.net
threatpost.com
10 match.adsrvr.org 5 redirects threatpost.com
u.openx.net
eb2.3lift.com
ssum-sec.casalemedia.com
10 media.threatpost.com threatpost.com
9 ads.servenobid.com qd.admetricspro.com
public.servenobid.com
ssum-sec.casalemedia.com
ssbsync.smartadserver.com
g2.gumgum.com
9 capi-tier-2-us-east-2.connatix.com cd.connatix.com
9 www.google.com threatpost.com
tagan.adlightning.com
googleads.g.doubleclick.net
9 tagan.adlightning.com threatpost.com
tagan.adlightning.com
8 ups.analytics.yahoo.com 5 redirects
8 eus.rubiconproject.com threatpost.com
eus.rubiconproject.com
qd.admetricspro.com
g2.gumgum.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
7 eu-u.openx.net u.openx.net
qd.admetricspro.com
eu-u.openx.net
7 s.amazon-adsystem.com 4 redirects eb2.3lift.com
ssum-sec.casalemedia.com
7 static.criteo.net ads.eu.criteo.com
7 e.serverbid.com 2 redirects qd.admetricspro.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
7 qd.admetricspro.com threatpost.com
qd.admetricspro.com
6 sync.1rx.io public.servenobid.com
6 x.bidswitch.net 5 redirects eb2.3lift.com
6 eb2.3lift.com 3 redirects qd.admetricspro.com
eb2.3lift.com
6 us-u.openx.net 1 redirects u.openx.net
eu-u.openx.net
6 assets.ad4m.at as.ad4m.at
6 pixel.rubiconproject.com 4 redirects threatpost.com
g2.gumgum.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
threatpost.com
6 vid.connatix.com cd.connatix.com
cds.connatix.com
6 www.googletagservices.com threatpost.com
tagan.adlightning.com
googleads.g.doubleclick.net
5 pixel.advertising.com 5 redirects
5 ads.pubmatic.com cds.connatix.com
qd.admetricspro.com
g2.gumgum.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
5 ad4m.at as.ad4m.at
ad4m.at
ssum-sec.casalemedia.com
5 googleads.g.doubleclick.net tagan.adlightning.com
googleads.g.doubleclick.net
5 tags.mathtag.com 1 redirects tagan.adlightning.com
threatpost.com
5 tag.1rx.io qd.admetricspro.com
cds.connatix.com
5 www.googletagmanager.com threatpost.com
www.googletagmanager.com
5 cds.connatix.com threatpost.com
cd.connatix.com
5 c.amazon-adsystem.com qd.admetricspro.com
c.amazon-adsystem.com
4 sync.outbrain.com 3 redirects g2.gumgum.com
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
4 c1.adform.net 4 redirects
4 image6.pubmatic.com 4 redirects
4 id.rlcdn.com 2 redirects googleads.g.doubleclick.net
threatpost.com
4 track.adform.net hal900028.redintelligence.net
s1.adform.net
4 as.ad4m.at googleads.g.doubleclick.net
as.ad4m.at
ad4m.at
4 hal900028.redintelligence.net 1 redirects threatpost.com
tagan.adlightning.com
hal900028.redintelligence.net
4 px.ads.linkedin.com 2 redirects threatpost.com
eb2.3lift.com
4 adservice.google.com tagan.adlightning.com
9582686.fls.doubleclick.net
4 adservice.google.de tagan.adlightning.com
adservice.google.com
4 ap.lijit.com 1 redirects qd.admetricspro.com
public.servenobid.com
4 fastlane.rubiconproject.com qd.admetricspro.com
4 imasdk.googleapis.com cd.connatix.com
imasdk.googleapis.com
3 rtb-csync.smartadserver.com 1 redirects ssbsync.smartadserver.com
3 sync.go.sonobi.com public.servenobid.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3 ssum-sec.casalemedia.com 2 redirects public.servenobid.com
3 b1sync.zemanta.com 3 redirects
3 pr-bh.ybp.yahoo.com 2 redirects eu-u.openx.net
3 sync.mathtag.com 3 redirects
3 acdn.adnxs.com cds.connatix.com
qd.admetricspro.com
3 js-sec.indexww.com cds.connatix.com
qd.admetricspro.com
3 token.rubiconproject.com 3 redirects
3 aax-eu.amazon-adsystem.com 2 redirects
3 pix.eu.criteo.net ads.eu.criteo.com
3 rtb.openx.net googleads.g.doubleclick.net
eu-u.openx.net
3 unpkg.com 2 redirects
3 pixel.quantserve.com 2 redirects threatpost.com
3 prebid.a-mo.net 1 redirects qd.admetricspro.com
cds.connatix.com
3 htlb.casalemedia.com qd.admetricspro.com
cds.connatix.com
3 c2shb.ssp.yahoo.com qd.admetricspro.com
3 teachingaids-d.openx.net qd.admetricspro.com
cds.connatix.com
3 btlr.sharethrough.com qd.admetricspro.com
3 hbopenbid.pubmatic.com qd.admetricspro.com
cds.connatix.com
3 dpm.demdex.net media.kaspersky.com
threatpost.com
ssum-sec.casalemedia.com
2 i.liadm.com 2 redirects
2 creativecdn.com 2 redirects
2 cs.emxdgt.com g2.gumgum.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
2 secure-assets.rubiconproject.com 2 redirects
2 usersync.gumgum.com g2.gumgum.com
2 ad.360yield.com 2 redirects
2 sync.targeting.unrulymedia.com 2 redirects
2 ssbsync.smartadserver.com public.servenobid.com
g2.gumgum.com
2 sync.srv.stackadapt.com 2 redirects
2 pm.w55c.net 2 redirects
2 sync-tm.everesttech.net 2 redirects
2 u.openx.net cds.connatix.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 www.lead-alliance.net 2 redirects
2 www.telefonica-partner.de 2 redirects
2 csm.eu.criteo.net ads.eu.criteo.com
2 cms.quantserve.com 1 redirects googleads.g.doubleclick.net
2 partner.googleadservices.com tagan.adlightning.com
2 9582686.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 www.google.de threatpost.com
2 stats.g.doubleclick.net www.google-analytics.com
2 kaspersky.d3.sc.omtrdc.net media.kaspersky.com
2 id5-sync.com qd.admetricspro.com
cdn.id5-sync.com
2 script.4dex.io qd.admetricspro.com
script.4dex.io
2 img.connatix.com threatpost.com
2 www.gstatic.com www.google.com
2 kasperskycontenthub.com threatpost.com
2 t.co threatpost.com
1 pixel-us-east.rubiconproject.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 i6.liadm.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 gift-connect-d.openx.net serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 go.sonobi.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 tg.socdm.com 1 redirects
1 ssc-cms.33across.com g2.gumgum.com
1 bh.contextweb.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com g2.gumgum.com
1 sync.technoratimedia.com g2.gumgum.com
1 sync.ipredictive.com 1 redirects
1 secure.adnxs.com 1 redirects
1 cookie-matching.mediarithmics.com ssbsync.smartadserver.com
1 d.adroll.com 1 redirects
1 sync.adotmob.com 1 redirects
1 p.rfihub.com 1 redirects
1 ce.lijit.com 1 redirects
1 onetag-sys.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 c.bing.com eb2.3lift.com
1 match.prod.bidr.io eu-u.openx.net
1 public.servenobid.com qd.admetricspro.com
1 serverbid-sync.nyc3.cdn.digitaloceanspaces.com qd.admetricspro.com
1 sync.serverbid.com 1 redirects
1 www.awin1.com as.ad4m.at
1 partner.blau.de as.ad4m.at
1 partner.o2online.de as.ad4m.at
1 cdn.contentspread.net hal900028.redintelligence.net
1 cat.nl.eu.criteo.com ads.eu.criteo.com
1 d.agkn.com 1 redirects
1 static-de.ad4mat.net as.ad4m.at
1 ads.eu.criteo.com googleads.g.doubleclick.net
1 rtb.nl.eu.criteo.com googleads.g.doubleclick.net
1 pixel.everesttech.net 1 redirects
1 prod-rtb.ad4mat.net googleads.g.doubleclick.net
1 pixel.mathtag.com tagan.adlightning.com
1 hal9000.redintelligence.net tagan.adlightning.com
1 beacon-fra2.rubiconproject.com tagan.adlightning.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 snap.licdn.com www.googletagmanager.com
1 ads.adaptv.advertising.com cds.connatix.com
1 geo.ipify.org qd.admetricspro.com
1 analytics.twitter.com tagan.adlightning.com
1 rules.quantcount.com secure.quantserve.com
1 s0.2mdn.net imasdk.googleapis.com
1 tlx.3lift.com qd.admetricspro.com
1 mp.4dex.io qd.admetricspro.com
1 cm.everesttech.net 1 redirects
1 kaspersky.demdex.net tagan.adlightning.com
1 static.ads-twitter.com www.googletagmanager.com
1 secure.quantserve.com www.googletagmanager.com
1 lit.connatix.com cd.connatix.com
1 cdn.id5-sync.com tagan.adlightning.com
1 secure.cdn.fastclick.net tagan.adlightning.com
1 capi.connatix.com cd.connatix.com
1 cd.connatix.com 1 redirects
1 media.kaspersky.com threatpost.com
1 bit.ly 1 redirects
485 165
Subject Issuer Validity Valid
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
threatpost.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
*.adlightning.com
Amazon		 2021-06-24 -
2022-07-23		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-08-11 -
2022-08-10		 a year crt.sh
assets.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
media.threatpost.com
Amazon		 2022-01-05 -
2023-02-03		 a year crt.sh
*.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
kasperskycontenthub.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-07-03		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
media.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-04-23 -
2022-04-28		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2		 2021-08-20 -
2022-09-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-17 -
2022-06-09		 3 months crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA		 2022-01-15 -
2023-01-17		 a year crt.sh
cdn.id5-sync.com
R3		 2022-02-02 -
2022-05-03		 3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.id5-sync.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-21 -
2022-07-26		 a year crt.sh
*.d3.sc.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-03-07		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
ads.servenobid.com
Amazon		 2021-06-28 -
2022-07-27		 a year crt.sh
*.3lift.com
Amazon		 2021-06-12 -
2022-07-11		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-08 -
2022-08-31		 6 months crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2021-06-01 -
2022-07-02		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2021-03-11 -
2022-04-12		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.a-mo.net
R3		 2022-02-18 -
2022-05-19		 3 months crt.sh
e.serverbid.com
R3		 2022-01-17 -
2022-04-17		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA		 2022-02-07 -
2023-03-10		 a year crt.sh
www.google.de
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.v.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-15 -
2022-09-07		 6 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2023-03-01		 a year crt.sh
*.google.de
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.mathtag.com
DigiCert SHA2 Secure Server CA		 2020-04-15 -
2022-04-22		 2 years crt.sh
redintelligence.net
R3		 2022-01-27 -
2022-04-27		 3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA		 2021-06-29 -
2022-07-07		 a year crt.sh
prod-rtb.ad4mat.net
GTS CA 1D4		 2022-02-19 -
2022-05-20		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.nl.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-15 -
2022-06-13		 3 months crt.sh
*.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-19 -
2022-06-18		 3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-02 -
2022-05-03		 3 months crt.sh
*.eu.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-03 -
2022-05-02		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
contentspread.net
R3		 2022-01-27 -
2022-04-27		 3 months crt.sh
www.awin1.com
DigiCert SHA2 Secure Server CA		 2021-06-11 -
2022-06-16		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-04 -
2022-05-03		 3 months crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-12-10 -
2022-12-09		 a year crt.sh
*.nyc3.cdn.digitaloceanspaces.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-30		 a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-17 -
2023-02-17		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.match.prod.bidr.io
Amazon		 2022-01-27 -
2023-02-25		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2022-03-01 -
2022-09-01		 6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2022-03-16 -
2022-09-16		 6 months crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.mediarithmics.com
Gandi Standard SSL CA 2		 2022-02-10 -
2023-03-01		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon		 2022-02-15 -
2023-03-16		 a year crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2		 2021-05-18 -
2022-06-19		 a year crt.sh

This page contains 72 frames:

Primary Page: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Frame ID: B7FAC2A4BCD40B3F74A7374D734F6F56
Requests: 150 HTTP requests in this frame

Frame: https://cds.connatix.com/p/155403/connatix.player.dc.js
Frame ID: 71BB313424211C81F57872901BAE2B28
Requests: 24 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 4E81D9FC8E7420B46DDA3A96C50EC151
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Frame ID: BB5874CBE176CEDF2AE7B3006A715464
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Frame ID: 6F681214678126FD8BC26E589CF0C3F2
Requests: 6 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Frame ID: 197A893FBA0EBDA899D86483DF0C3076
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: DEF1B453535085233F367339453A5AC9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3AA8A5C705A9486A323FDA1CAD19C9CC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D3156C785C382C9A9C464885B1EFEC06
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Frame ID: 2218CB9DC724709907FB899BAD57CFCC
Requests: 19 HTTP requests in this frame

Frame: https://048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 175803603F451B1F172EEECBE9853EFE
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Frame ID: 209F3CE7B15BAE15FBA2E38E4C9B246C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6FEF94245786A278B28D10494545A790
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 41B7025479CA5B65A12FAA3B9A6FE90B
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Frame ID: 0E7E15B4B22954F26EE9C9B9B262B9B2
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Frame ID: 6EB01740D30A84419AC4193338107EB3
Requests: 15 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Frame ID: 44BDCC159752E8A58CDFDF1840181370
Requests: 15 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Frame ID: 3EE05A498F0960E5F872C81DC721D36B
Requests: 14 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Frame ID: B38B5D03B2875FC7F09E0F838D4DD42C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20190131/zrt_lookup.html
Frame ID: 12285F2347958D2C9F72CCF571CE6DB3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Frame ID: C7095B20D2767557E47CD407276F154D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Frame ID: 6830AB0B6B9BE822DC6DF0C5D7B561DC
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 35FE435F1E3A2CC0AC0B26CD36115634
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4F2FB8B9965C675FD9201311BD723720
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1F18A4666A7F55D70D0A287D65CBF330
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8359B91EDFCA43A06830BF34171E92FE
Requests: 2 HTTP requests in this frame

Frame: https://hal900028.redintelligence.net/request_content.php?s=73840600174980904354386011906028&a=aa5a9e21
Frame ID: 7808A5E5CFB5E5B9227F43669F7EECD2
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=eu&co=de
Frame ID: CD6AA4972869849594E13FE51DBBE547
Requests: 10 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jhch34kkrnh671rz3mc0cwefh24xr29e2s9w8g01fybcsyq9hk36j03czx1azm669x3xayzcgqfmt3c5j3ttaqka6k8s6h975zbhbs7xkt090dkv0q0wxchtf1k1x8smeznj8cbm5188ce9g03x41pa6wbkmjwd1ej5nravxgz8wewqgjs95nte4k3pzmc2vxbp4f64pazn3192m4k2agp7r93snretw457wspwge4j1y8sy8qpzm4rw97b6kt8r3bay64nf1mzvyv0zvqc0eey9g9tvjkq275d6pdrvbxdrzwprckgy2mp3pfnk1battv98kx4nx9jbx8kb6y5c0esgbrgwbt6gnbqfzajjanj8qrjcx812cdg2gthxkjebdv92eqsx8pf8ynwy58re0c92j7a15cfzfsahep5njqrv681ypjjg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%26client%3Dca-pub-7500593236707325%26adurl%3D
Frame ID: D6A031CB763AD59B5DE23AD5FA5C48FC
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AF1512E9B90A1404821C16BF08FE5F9C
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Frame ID: EEBCA95D72CDD0CD50A3FC80D771AFAF
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 30B4AAD42FE46DD0E98678C4281E8289
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: CAE1C31D6E37547FEC745E35970F1E3A
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Frame ID: 1BA440B3E168A827ECA66534F1A1CD13
Requests: 11 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/169192/10934888/10934888.js?ADFassetID=10934888&bv=514
Frame ID: 3E0FEBADB142D5E680D847B5D3FFB0B5
Requests: 13 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 88C122D1D7607CCB94FDF45326D861C1
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 7014DD230B3D6A53406F34FC496AA097
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 9492337BA004DD55D6113F67602FCC2A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7D2AF701F6535FB5C37DC3356C8DFF2E
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 909461CC3F56B1122E1C57235EFEBEB8
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: EA1E2EC57EC3213490067B680FCB82C1
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F1CB70DC3BA0D163E9AD953115A60BAB
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 7B39A2B0E0476A0453AE2337BADD3216
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 303BBB8C56DC26F7A68BB70BDE5F6A73
Requests: 2 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: D6962AAC985FEC2DB55DF3443E526BC1
Requests: 8 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: E778C2C0041D80B4A62DF5BC23C1CAF3
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 47B8FD7384EFB12E409FDA9BC73699B2
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 91A53E9F5B98912DA7EEB6E9F163C4B0
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E8B47C611336299A5ABC5F32978ACEF1
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 71B3D4CDB1817CC0D89CD3CB581EA888
Requests: 7 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: 2027FE5FDB2901EB2D5A9E84C0A6F978
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 61870E12B506DF9694573FE97FBD449B
Requests: 9 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: A08553DF7836C1E3DA24EAE3EFB2A57A
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 91C7F6531DA94CE3B1504BB4D9E83E98
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 541135E0DE01B0B41F51076CB9B4A59F
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 9C02D30E85E148E21C9F5480EA215252
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 60175D00AAA915C4170EAB5FA797204F
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=47d7623a-018d-4801-97fb-bf20fad58601&gdpr=0&gdpr_consent=
Frame ID: 0D8816116BB6D98C9105876C1597719C
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YjoBiwAAAE9XUwP0&gdpr=0&gdpr_consent=
Frame ID: 05916B47320EBCD39E9047E27DDB6965
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9mYWU5ODFkYy0xODI1LTRkYTYtYTljOC02YmMxMWM3YjI2OTE=&gdpr=0&gdpr_consent=
Frame ID: A8B1E3A08E7940810708FCE3609951CA
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 4C4D9688A80EEA85123ADDF6249A716B
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 1AA822F6241BF3ACC66C4787BFFC22F1
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&t=1650560658
Frame ID: E824D72E9563F3256B276FD3B25CB926
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: A54FC79E1CA0F9BD9DDBE58B8D5CC3C6
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 0B87268FEA28AC46C6EC7518F97E2090
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YjoBksCo8X8AAPG0N0cAAAAA
Frame ID: 1E8BA11A25AF9F20FB14C9F98F7F0A2F
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=STC3uhAydmuhAZQevQe1&pi=gumgum&tc=1
Frame ID: E8D4648608F103FDC9283C131AFDB0DF
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: 84A07457BD653E443A18582AD322DD89
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: BFF56974AD0F3FD6774E174997B51175
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: A8122EEC079AF7928D8253705FE19A7B
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: 82C25194881CFBCA0B83AB9F40891F36
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: A9B9835AAD6DED7C6A7D3BDF786DE5BE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Microsoft Exchange Server Bugs Exploited by 'Cuba' Ransomware Gang | Threatpost

Page URL History Show full URLs

  1. https://t.co/i7rzaa85jI Page URL
  2. https://bit.ly/3sNgtfy HTTP 301
    https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

485
Requests

85 %
HTTPS

26 %
IPv6

93
Domains

165
Subdomains

118
IPs

8
Countries

7703 kB
Transfer

16052 kB
Size

114
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/i7rzaa85jI Page URL
  2. https://bit.ly/3sNgtfy HTTP 301
    https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/155403/connatix.player.dc.js
Request Chain 100
  • https://cm.everesttech.net/cm/dd?d_uuid=16727263815370216312414514698637638910 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjoBiwAAAE9XUwP0
Request Chain 173
  • https://unpkg.com/web-vitals HTTP 302
  • https://unpkg.com/web-vitals@2.1.4 HTTP 302
  • https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js
Request Chain 189
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1647968652582%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmicrosoft-exchange-exploited-cuba-ransomware%252F178665%252F%253Fes_id%253D3416c12156%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&liSync=true&e_ipv6=AQK_Q4PFsgef0gAAAX-ylg9zPIIXN2KPJgpMEVanimRy75oVCUXEVX01Nrupz8Irm4vV9X3D06JsFLXACh81iHzOKcWb8w
Request Chain 191
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156 HTTP 302
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Request Chain 219
  • https://tags.mathtag.com/notify/img?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvTVRnME1EYzBORGt0WlRreVlTMDBNakl6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMTUxODE1Nzg3MjEwMDA0NTYvMTAyNTQwMjEvMTEwOTU5ODEvOS9hb2FMVy1ieEdNQ3Q5NWt6RFBrUG1xUzNlMWFyQnJ3QlRoQVFwRmI0Ylg4LzEvOS8wLzAvMTg1MDc0Ny8wLzIyNjU4OS8xMTI2OTMxLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNTExNTE4MTU3ODcyMTAwMDQ1Ni96cmgvMC85OTc5LzYvOTk5LzIvMjAwMToxYjYwOjEwMTA6Oi8wLjAwMC8xNjQ3OTY4NjUxLzE2NDc5ODEyNTEvOS8xOTI1NC8/b-m04Q3Gi5Ssprp8m3WWRDZQNcw&nodeid=2635&group=zrh&auctionid=5115181578721000456&shardkey=5115181578721000456&sid=11095981&cid=10254021&price=3DCF1372A27285C1&bp=a_cbebag&nfy_act=LD5wfn0&type=burl&client=c2s&src=imp&bfip=185.29.135.173 HTTP 302
  • https://tags.mathtag.com/ck-confirm?bid_id=5115181578721000456&node_id=2635&exch_id=9
Request Chain 241
  • https://hal900028.redintelligence.net/request.php?zone=anfzfndq19r8&nw=20&renderingType=javascript&namespace=2c878d31ee&subid=&uid=37bf87d1c0c21722&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Ddd86ca5188370aa2ae277d791c6f572d14606175_15%26mt_aid%3D5115181578721000456%26mt_id%3D10254021%26mt_adid%3D226589%26mt_sid%3D11095981%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_cid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2Fa75dac81-9466-4a3b-b545-f230b68983b3%2F%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ancestorOrigins=https%3A%2F%2Fthreatpost.com&random=6756889401911&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900028.redintelligence.net/request.php?zone=anfzfndq19r8&nw=20&renderingType=javascript&namespace=2c878d31ee&subid=&uid=37bf87d1c0c21722&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Ddd86ca5188370aa2ae277d791c6f572d14606175_15%26mt_aid%3D5115181578721000456%26mt_id%3D10254021%26mt_adid%3D226589%26mt_sid%3D11095981%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_cid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2Fa75dac81-9466-4a3b-b545-f230b68983b3%2F%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ancestorOrigins=https%3A%2F%2Fthreatpost.com&random=6756889401911&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 270
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL_s6oymH7uR-CuQEiJLdRC7d3c9RW3-2sr3EjWfcXG84X7G3tUZeMQiwJJDIJlgna5UpZE-QW3U8DEjYBd_La-sXsPQ5I&google_gid=CAESEMyWdv4R5jHXa_QMgBfKLTw&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWpvQml3QUFBRTlYVXdQMA&google_push=AYg5qPL_s6oymH7uR-CuQEiJLdRC7d3c9RW3-2sr3EjWfcXG84X7G3tUZeMQiwJJDIJlgna5UpZE-QW3U8DEjYBd_La-sXsPQ5I
Request Chain 271
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJ4Rsx1Kelwpb0CH6bbEJcucJwkSPnq2SpGkN1Cd9LkR7x_bbKjHicWwZxFJHE_emb3mq2JIk7soikoYLdR4ySGEtf3hA&google_gid=CAESEK5z_MngaUxYdZxY05FaARg&google_cver=1 HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCI6D6JEGEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BWWc1cVBKNFJzeDFLZWx3cGIwQ0g2YmJFSmN1Y0p3a1NQbnEyU3BHa04xQ2Q5TGtSN3hfYmJLakhpY1d3WnhGSkhFX2VtYjNtcTJKSWs3c29pa29ZTGRSNHlTR0V0ZjNoQQ HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQlFTczE5V0dMdUZZUXJTQTlwTVViSzJDdlFMVF84c0hBM0tRWWp5aDZzWQ==&google_push
Request Chain 273
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEACqxLqgyHTmmuEjX4oKi3s&google_cver=1&google_push=AYg5qPLGIdRcueM_qB4SQNUXlK8EYzQOtOVIKh8BF2Rh8pZPFHpQ8QzRksA7MtOYAbyhARwL4JBXHPgSw1HT9dhhWxxfGqU-bUQ HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEACqxLqgyHTmmuEjX4oKi3s&google_cver=1&google_push=AYg5qPLGIdRcueM_qB4SQNUXlK8EYzQOtOVIKh8BF2Rh8pZPFHpQ8QzRksA7MtOYAbyhARwL4JBXHPgSw1HT9dhhWxxfGqU-bUQ&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6Mqsl4HIShaBDongFgVKdQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLGIdRcueM_qB4SQNUXlK8EYzQOtOVIKh8BF2Rh8pZPFHpQ8QzRksA7MtOYAbyhARwL4JBXHPgSw1HT9dhhWxxfGqU-bUQ
Request Chain 274
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF7coMKGXqAQyfob6I9liJ0&google_cver=1&google_push=AYg5qPJEMOD8kW9cpb7FWPLSSqVTl96haXSMs5FV0vwLqKPF7V-iBwKaSOlbJVuPlvC3YQ34eXUDiXwP4jQ4l-nEVp8sek43ZNE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPJEMOD8kW9cpb7FWPLSSqVTl96haXSMs5FV0vwLqKPF7V-iBwKaSOlbJVuPlvC3YQ34eXUDiXwP4jQ4l-nEVp8sek43ZNE
Request Chain 275
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&s=184023&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4
Request Chain 294
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPWUMNLO1fWFhMIenVyQark&google_cver=1&google_push=AYg5qPIe_nVWoq3t3QegtAJFNDKLdO1FEmcxkNdP5ncbZOOxzcRXU4W7Cn7YYK8rhz_M1b9yIhazk-zHNrdcIfTmLOuRI6_LT5mJ HTTP 302
  • https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPIe_nVWoq3t3QegtAJFNDKLdO1FEmcxkNdP5ncbZOOxzcRXU4W7Cn7YYK8rhz_M1b9yIhazk-zHNrdcIfTmLOuRI6_LT5mJ&google_hm=b-5OYOw3mYKFrhIQ_YoYhA
Request Chain 295
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEGz_hML0SIvBfx633Oiiz_4&google_cver=1&google_push=AYg5qPJtYFKqQo3qWKo5KS-IDxHF6XEuHlASJ1rxKXH2us5Zn79lpHtsbkMYKMbSN1fB6Y0bz8skPP3KnF-4vZ3y_WX_Aj15acvA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJtYFKqQo3qWKo5KS-IDxHF6XEuHlASJ1rxKXH2us5Zn79lpHtsbkMYKMbSN1fB6Y0bz8skPP3KnF-4vZ3y_WX_Aj15acvA&google_hm=Q0FFU0VHel9oTUwwU0l2QmZ4NjMzT2lpel80
Request Chain 298
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEACqxLqgyHTmmuEjX4oKi3s&google_cver=1&google_push=AYg5qPKGwqlu7dZX5MM_8JrxvRbTUpoScGs786HU6Kdg2nNG8ToTGAOGyXusbrtkCWac3WJol6Bc-X0J8DxyfgTowsKv1BhusWQ HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEACqxLqgyHTmmuEjX4oKi3s&google_cver=1&google_push=AYg5qPKGwqlu7dZX5MM_8JrxvRbTUpoScGs786HU6Kdg2nNG8ToTGAOGyXusbrtkCWac3WJol6Bc-X0J8DxyfgTowsKv1BhusWQ&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=nlBiZzz0Qt6o1g-pHp9AkA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKGwqlu7dZX5MM_8JrxvRbTUpoScGs786HU6Kdg2nNG8ToTGAOGyXusbrtkCWac3WJol6Bc-X0J8DxyfgTowsKv1BhusWQ
Request Chain 299
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF7coMKGXqAQyfob6I9liJ0&google_cver=1&google_push=AYg5qPLKWzwjPLCMP9RYlZ7QaQFseCQJLaK7P_o8_KVCZqLDttV4gxrSPhFMPJSJH9uhmEFuiuRFKAYiLVk2yY5IdlZjou90A_zB HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPLKWzwjPLCMP9RYlZ7QaQFseCQJLaK7P_o8_KVCZqLDttV4gxrSPhFMPJSJH9uhmEFuiuRFKAYiLVk2yY5IdlZjou90A_zB
Request Chain 300
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1
Request Chain 317
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEKp-Qk_tZEv98P_muAoxG2A&google_cver=1
Request Chain 319
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=COJkjIbaQ4aiVgD_R8UJaQ&rk=usync-other&gdpr=0 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=COJkjIbaQ4aiVgD_R8UJaQ&gdpr=0
Request Chain 320
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&gdpr=0
Request Chain 321
  • https://token.rubiconproject.com/token?pid=36584&gdpr=0 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L12DZHRU-O-7JRV&gdpr=0
Request Chain 322
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGYwODE0OTU2MTk0MjdhMzczNzNkYmQzYzI5NzcwNDJhY2U3MTlhNg&gdpr=0
Request Chain 323
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=YI9Xqh5aRl-RSAGBjAOgBQ&rk=usync-na&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YI9Xqh5aRl-RSAGBjAOgBQ&gdpr=0
Request Chain 332
  • https://www.telefonica-partner.de/tpv.php?t=117679V1226132702M&subid=oneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.lead-alliance.net/tpv.php?t=117679V1226132702M&subid=oneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117679&s_id=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&spid=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&wfid=117679
Request Chain 335
  • https://www.telefonica-partner.de/tpv.php?t=117663V1225131106M&subid=oneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.lead-alliance.net/tpv.php?t=117663V1225131106M&subid=oneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117663&s_id=2022032218041566049676111X117663V1225131106MSoneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth
Request Chain 359
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=0bfZzXxOQ2Z3ZUZ2ZVZTa3ArekdrN3gyWEdhazcvWE5UK0xHMnNzazRyT0dNNE10WGo1eHRQaFJWYlg2aUlqZm92WGRnMGlBSmxsUnFkTnk5SXNib090WmsxNFB0YlUwQUN0VlZ1VmJRRTV0N2hiTmE4M2svWUxDVkd5S2FwTkRHeDNDOVJNRllhSUVIUWpqdXF1RlRTY0gvMnpaa1lmalZvUXA5Uk5iRVBjbUtLQVYyYllIMzFUMExiRVRrazZBREtpTVNxZ01mVTlOVDhyNDNRWS82UElNTHluZXUyNWZWNEdXS2lkRTVUY0RNNHhJPXw&cppv=2
Request Chain 368
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&_origin=1&gdpr=1&gdpr_consent=
Request Chain 369
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2&verify=true
Request Chain 370
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVAxYWEyOGRkZi1hYTAyLTExZWMtYjVhZS0wNjVmNzJiOTk3ZTI%3D HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEI52o2WGClrXqa_yj_1gDAU&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEI52o2WGClrXqa_yj_1gDAU&google_cver=1&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
Request Chain 371
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
Request Chain 372
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
Request Chain 373
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
Request Chain 376
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
Request Chain 378
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
Request Chain 379
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
Request Chain 380
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
Request Chain 383
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
Request Chain 395
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 396
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 406
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=G0YYzYXu1NwHVD5
Request Chain 407
  • https://x.bidswitch.net/sync?ssp=openx HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=openx HTTP 302
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=Eo1n_6jeRrx-hcfE2uUB_lQTr7c&user_group=1&ssp=openx HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=ab840884-0966-41c1-9fc9-f763e140d9eb&gdpr=&gdpr_consent=
Request Chain 408
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=2379099401653619541
Request Chain 412
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
Request Chain 414
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
Request Chain 416
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/2957084612798566898816?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-PFr4KnxE2oQ3svpQnuQy_seP6w2h6q5vWtoTJ5SSkw--~A&dongle=0883
Request Chain 419
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2957084612798566898816 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2957084612798566898816&dcc=t
Request Chain 420
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 426
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=2379099401653619541
Request Chain 427
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=ac980dfa20325f43a9edd625
Request Chain 429
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1647968658521 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8811928793 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1
Request Chain 430
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5108559722826149862
Request Chain 432
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=2b2f22e0-0f66-4031-8737-2f4fc4a7d227&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 433
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-C7sD4utE2uEL7KkZ0eLoQPfscVlE_CPrw92EZNA-~A
Request Chain 434
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&dcc=t
Request Chain 437
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YjoBjhvAXocsZHzZFRdRxwAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIeUElOF5gHpBtG1JBXzeqs&google_cver=1&gdpr=1
Request Chain 439
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Request Chain 441
  • https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Request Chain 444
  • https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=6967991161719458634&gdpr=0&gdpr_consent=
Request Chain 446
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTU5NDA4OTQ3OTA3MTk4MTY0Mw==&gdpr=0&gdpr_consent=
Request Chain 447
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1647968659189 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=949080090 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003 HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003
Request Chain 448
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://rtb.gumgum.com/usersync?b=apn&i=2379099401653619541
Request Chain 449
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=6967991161719458634&ssp=gumgum2 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=ab840884-0966-41c1-9fc9-f763e140d9eb
Request Chain 450
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq%29 HTTP 302
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691&obuid=ENC(r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq) HTTP 302
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3Dr0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=indxexcg&uid=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&obUid=r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq
Request Chain 451
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=opx&i=8e1b3dfb-5bea-432a-8191-769d06ec6051
Request Chain 452
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-4fe39024-a5a1-4592-6d33-51cfc501da41$ip$84.19.175.183
Request Chain 453
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-dPNuGjtE2pfFYHMogEb2FDt3ovuaW8eF1npt~A
Request Chain 454
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://rtb.gumgum.com/usersync?b=vnt&i=1c65c1c7-aa02-11ec-b3ae-b9599d422bef
Request Chain 457
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=tviPBarB3vcFY4f7kAcY&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25DWNFIEEYLSIIZXMY2GLE2GMN3LIFRVSJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25DWNFIEEYLSIIZXMY2GLE2GMN3LIFRVSJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=tviPBarB3vcFY4f7kAcY&us_privacy=1---
Request Chain 458
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=17db3b66-1339-4242-99a7-779b82d2c20d
Request Chain 459
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1647968658181 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8869519110 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-d6bebc8d-0151-400f-b650-ff1591d8d401-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-d6bebc8d-0151-400f-b650-ff1591d8d401-003 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-d6bebc8d-0151-400f-b650-ff1591d8d401-003
Request Chain 460
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://rtb.gumgum.com/usersync?b=pln&i=qrlaFNWFYcaU&ev=1&pid=558355
Request Chain 463
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://rtb.gumgum.com/usersync?b=mmh&i=47d7623a-018d-4801-97fb-bf20fad58601&gdpr=0&gdpr_consent=
Request Chain 464
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YjoBiwAAAE9XUwP0&gdpr=0&gdpr_consent=
Request Chain 468
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=ttd&i=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&t=1650560658
Request Chain 469
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 471
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YjoBksCo8X8AAPG0N0cAAAAA
Request Chain 472
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=STC3uhAydmuhAZQevQe1&pi=gumgum&tc=1
Request Chain 474
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Request Chain 478
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=2379099401653619541
Request Chain 479
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjoBjhvAXocsZHzZFRdRxwAA%261137
Request Chain 480
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID HTTP 307
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=ac980dfa20325f43a9edd625
Request Chain 482
  • https://pixel.advertising.com/ups/56621/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2 HTTP 302
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
Request Chain 483
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
Request Chain 484
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c HTTP 303
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c&_li_chk=true&previous_uuid=afac3f25786a4371914cefe83c2b36f6 HTTP 303
  • https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c

485 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
i7rzaa85jI
t.co/ 		221 B
506 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/i7rzaa85jI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Tue, 22 Mar 2022 17:04:08 GMT
vary
Origin
server
tsa_o
expires
Tue, 22 Mar 2022 17:09:08 GMT
content-type
text/html; charset=utf-8
cache-control
private,max-age=300
content-length
174
content-encoding
gzip
x-xss-protection
0
strict-transport-security
max-age=0
x-response-time
118
x-connection-hash
252d7250d21680034bc456b813f2f392470c96aac7c399e147db89a6515de723
Primary Request /
threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/
Redirect Chain
  • https://bit.ly/3sNgtfy
  • https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
92 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Requested by
Host: t.co
URL: https://t.co/i7rzaa85jI
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
313b821140699df9c1e7a43f1edbead2997932711913dbcb2eb72821b48888af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://t.co/i7rzaa85jI

Response headers

Server
nginx
Date
Tue, 22 Mar 2022 17:04:09 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Link
<https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/178665>; rel="alternate"; type="application/json" <https://threatpost.com/?p=178665>; rel=shortlink
X-Frame-Options
SAMEORIGIN
X-Debug-Auth
off
X-Request-Host
threatpost.com
x-cache-hit
HIT
Content-Encoding
gzip

Redirect headers

server
nginx
date
Tue, 22 Mar 2022 17:04:09 GMT
content-type
text/html; charset=utf-8
content-length
179
cache-control
private, max-age=90
content-security-policy
referrer always;
location
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
referrer-policy
unsafe-url
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-3ca8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15528
museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-5124"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20772
museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-3dcc"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15820
museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-51a4"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20900
museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5c74"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23668
museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5194"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20884
museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5bac"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23468
museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-51b8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20920
museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-5b34"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23348
museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:10 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-50c8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20680
op.js
tagan.adlightning.com/math-aids-threatpost/ 		45 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cc8bbf5ef793ba607a310a98f1b71958b6165a428013e71fcb25cdaba074847a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
vvEEFMWRXCQCRTOCAbz9Lh7NvM4iAr3f
content-encoding
gzip
etag
"82d46a47a71ba55c427ff0f6e98e2eb0"
age
1296
x-cache
Hit from cloudfront
content-length
18685
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 22 Mar 2022 13:34:35 GMT
server
AmazonS3
date
Tue, 22 Mar 2022 16:42:35 GMT
content-type
application/javascript
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
x-amz-cf-id
AVsBzmmCI7_I02vSEGa4wt1wOMKDPrm6EvtJHkkXTsWIRb8haYjCbA==
gpt.js
www.googletagservices.com/tag/js/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed54c622898162bdb56dfb1bf5471c977b401a911a270ce95fd26299e33a6593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27962
x-xss-protection
0
server
sffe
etag
"1165 / 154 of 1000 / last-modified: 1647965886"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 22 Mar 2022 17:04:11 GMT
ros-layout.js
qd.admetricspro.com/js/threatpost/ 		26 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:09 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
564
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 09 Mar 2022 04:05:55 GMT
server
cloudflare
etag
W/"67e2-5d9c136d2119a-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NMAPPaDO%2BH423dvrxmqvdu7XZh98Zap4ohL8oRQCL7aULqP7MEmgC3a0gP8RmUjT64s29j4elSavebHRlhEw0K2pb4TUQ22MAGU0rj%2BN3M3zKO%2FcC%2BCvQc93yqf8AGKFhAVgMLSWdZnNmxGNh4IROhU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f00813d493f8fd0-FRA
expires
Tue, 22 Mar 2022 16:57:15 GMT
cmp.js
qd.admetricspro.com/js/threatpost/ 		310 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
563
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 01 Jun 2021 14:47:10 GMT
server
cloudflare
etag
W/"4d957-5c3b56abf6028-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sgl%2BomLUQEi35GoEG0xwtu1CixUvzMztKusEtTo3yI0qlgV8JvsZEdOyRTi%2BkiLS7Nyylgg3Cx2sOkldXERkr2HilpUW67lH30iH0jiOLN5fnnxfw1Uq%2FNPWlv22MJsqEe%2FybjlsfV7l7YWbEmPhuwoE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f0081444d068fd0-FRA
expires
Tue, 22 Mar 2022 16:57:34 GMT
uspcmp.js
qd.admetricspro.com/js/threatpost/ 		148 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
563
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 08 Aug 2020 22:40:07 GMT
server
cloudflare
etag
W/"24e50-5ac65673cef1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rErZ8NiIvmnaps%2B12Tb%2FLuwbY956fSKcHaIOuu7UkM2uUcYetJeXbSO%2FVyoq2h7QyrUm96L6Drj5ZJvAPG4vUF2p2H03k0U2MEuqk3QDoW0dB7vGICtNOd4ONDcMTLauR2OGbBeOHxxvqhPNhEMrA%2FuH"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f0081444d078fd0-FRA
expires
Tue, 22 Mar 2022 16:57:34 GMT
targeting.js
qd.admetricspro.com/js/threatpost/ 		393 B
551 B 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
563
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 21:50:12 GMT
server
cloudflare
etag
W/"189-5c8c2c96f96c7-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPqVzNCDyBJGrImmVpq1tPoMyZbTAM9wMbXh512WzvGQfIpDyosz3ycO5f5%2FAeviwninuvUt3YiDwLuiMXtUWcXQYaviKacX6QtGRod7JQTr8fKsdE%2BQRQ6Ge8FapLvFjJ7HC4rrn5QSdizPauXsTloc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f0081444d098fd0-FRA
expires
Tue, 22 Mar 2022 16:58:16 GMT
prebid.js
qd.admetricspro.com/js/threatpost/ 		430 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
563
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 15:35:01 GMT
server
cloudflare
etag
W/"6b738-5ce51d26ef74c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fAYSuNtvco0g577Xqt0nGcNlQVo%2BSMYxBt%2F3oTQ7IKYVmYmoMbdyxoSNsfe17W9zCvkCUrTsrGJfeTMBBzpT9H28cgx4ROqSYtJSCRPo9qeiqvjg9DVrXTDg4TArrF6670w8vKmU2rB9qUK%2Fh1F1ovwh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f0081444d0b8fd0-FRA
expires
Tue, 22 Mar 2022 16:57:34 GMT
engine.js
qd.admetricspro.com/js/threatpost/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/threatpost/engine.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:09 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
564
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 24 Jan 2022 02:31:38 GMT
server
cloudflare
etag
W/"8cae-5d64ac49b9c1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kx8mJLvw3dw9xHfn8YNjT0I2d9gtPAE4ltODa1MktrC5b8YmWPHDcRktgXCvXANMU7X8ou73IXLW4v1ahU6Uzf7LI41yfqiV2%2FisE%2BW8Zf99rK5aQkDw%2FU%2BCLvzma6DZ8Lv%2FZDKTzSagY0xaBdefW2vW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6f00813d49418fd0-FRA
expires
Tue, 22 Mar 2022 16:57:22 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 		294 KB
42 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
gzip
x-amz-cf-pop
FRA60-P2
x-cache
Miss from cloudfront
content-length
42696
x-cache-hit
HIT
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-debug-auth
off
x-request-host
assets.threatpost.com
x-amz-cf-id
ENByHriW3d9xrTBuOb4Y6QfYHQPrQEQWf4KPw7iwr6KSxyrycakHzg==
expires
Wed, 23 Mar 2022 16:42:34 GMT
jquery-1.12.4-wp.js
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 		95 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-17a56"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
alert_text.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		107 B
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1647618361
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-6b"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
alert.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1647618361
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-104a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
public.js
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 		116 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Jun 2014 19:20:42 GMT
Server
nginx
ETag
W/"5398ac0a-74"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
kaspersky-twitter-pullquote.js
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 		599 B
713 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:45:59 GMT
Server
nginx
ETag
W/"6234a937-257"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
loadmore.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
W/"6234a938-11e7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
social-share.js
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
W/"6234a938-484d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:10 GMT
Castro-Cuba-cigar-scaled-e1645815753923.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/02/25140208/ 		55 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/25140208/Castro-Cuba-cigar-scaled-e1645815753923.jpeg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2ca143af260276f80f6c9664e21857c44f745b6d06a62fd035d3e61729f6064

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 19:47:39 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Fri, 25 Feb 2022 19:02:34 GMT
server
AmazonS3
age
2150193
etag
"3a367d0fdc04c81cc18b9f69b078cba1"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA56-P6
accept-ranges
bytes
content-length
56661
x-amz-cf-id
k9SPEVS0DgKdWux0JrQQuM3RmcLNvB5gKSDK386vvt3KanjlQSEefw==
expires
Sat, 25 Feb 2023 19:02:33 GMT
infosec_insiders_in_article_promo.png
media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sun, 06 Feb 2022 01:13:48 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Tue, 10 Aug 2021 20:58:17 GMT
server
AmazonS3
age
3858624
etag
"101ba02c43488b8b07cf42f9aa850f6a"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA56-P6
accept-ranges
bytes
content-length
20484
x-amz-cf-id
AMmMtkLUDjL7r1ylK6vj0I4DMDNHPJGjTksF2xahicviRBjQGyEiwQ==
expires
Wed, 10 Aug 2022 20:58:15 GMT
api.js
www.google.com/recaptcha/ 		852 B
576 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?hl=en&render=explicit
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0256c89fb00aecc8c1bab11c37e26c4d0d3a1b421b19f1301f439bc262f65687
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Tue, 22 Mar 2022 17:04:11 GMT
scripts.js
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-828"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
api.js
www.google.com/recaptcha/ 		852 B
968 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c9d6a2a58b9c7f4ee284526ef182398d1686c5de84286fd58ae111b172d4d456
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Tue, 22 Mar 2022 17:04:10 GMT
main.js
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-ab4"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
s_code_single_suite.js
media.kaspersky.com/tracking/omniture/ 		172 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
dba466c43a288cc89aa2166d63cd97219a544b6fadb70508323701819052dbb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
etag
"019696dc39d81:0"
x-powered-by
Kaspersky Labs, Kaspersky Labs
content-length
49223
x-xss-protection
1; mode=block
last-modified
Thu, 17 Mar 2022 08:54:18 GMT
server
x-frame-options
SAMEORIGIN
date
Tue, 22 Mar 2022 17:04:10 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
x-server
fr2/KLM8
accept-ranges
bytes
x-content-type-options
nosniff
main.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 		114 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-1c643"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
regenerator-runtime.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-195e"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
wp-polyfill.min.js
threatpost.com/wp-includes/js/dist/vendor/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-4b3d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
dom-ready.min.js
threatpost.com/wp-includes/js/dist/ 		1 KB
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-4e9"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
hooks.min.js
threatpost.com/wp-includes/js/dist/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-163a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
i18n.min.js
threatpost.com/wp-includes/js/dist/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-28a7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
a11y.min.js
threatpost.com/wp-includes/js/dist/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Mar 2022 00:51:39 GMT
Server
nginx
ETag
W/"622a9d1b-bfd"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
jquery.json.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-730"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
gravityforms.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		43 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-abe0"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
conditional_logic.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:45:59 GMT
Server
nginx
ETag
W/"6234a937-213f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
placeholders.jquery.min.js
threatpost.com/wp-content/plugins/gravityforms/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
public
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
W/"6234a939-121f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Tue, 29 Mar 2022 17:04:11 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		134 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
cDw9qPFdR3WLu_gch_nIk4UAdfcPuNG7
content-encoding
gzip
etag
4e3fad24a118a07cea7ce88b2721a583
age
659
x-cache
Hit from cloudfront
server
Server
x-amz-rid
1VBYZ8MH731FBW99P9BH
date
Tue, 22 Mar 2022 17:04:11 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Tl24J7K-L9XKL_mUIupvEhMGwwAH0MOZXwERj6YCxfNxXlYLT99R9A==
connatix.player.dc.js
cds.connatix.com/p/155403/ Frame 71BB
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/155403/connatix.player.dc.js
855 KB
199 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/connatix.player.dc.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5c6db4b3bc25eee635355573d9cbd9be7e8f40b0f56f350eafa8a0f0c0213b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
29233
etag
"ecf316b60f3b40672f84028062c804ab"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
203528

Redirect headers

location
https://cds.connatix.com/p/155403/connatix.player.dc.js
date
Tue, 22 Mar 2022 17:04:10 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/155403/ Frame 71BB 		0
47 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:10 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
29233
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
/
kasperskycontenthub.com/ 		0
398 B 		Script
General
Check archive.org
Download Go to
Full URL
https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1128237645&back=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:11 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Connection
close
Content-Type
application/javascript
x-cache-hit
HIT
Transfer-Encoding
chunked
X-Debug-Auth
off
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Request-Host
kasperskycontenthub.com
X-XSS-Protection
1; mode=block
gtm.js
www.googletagmanager.com/ 		177 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
86bb7e8315060a1db28a16e81984398ca1619a620e70d0127dae4cde64ca3d22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60423
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 22 Mar 2022 17:04:11 GMT
gtm.js
www.googletagmanager.com/ 		502 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3179fba77f2b1d3278dc0545cb2aabef1953c6224e2bcf5f49dd2927b15ee451
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 22 Mar 2022 17:04:11 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 		13 KB
13 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:11 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:00 GMT
Server
nginx
ETag
"6234a938-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 		13 KB
13 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:11 GMT
Last-Modified
Fri, 18 Mar 2022 15:46:01 GMT
Server
nginx
ETag
"6234a939-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
public
date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-4a32"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
18994
x-amz-cf-id
8tJKDXXJbnHH4eB8m7v-mbm9u2XALGYKTD1_q_SArmjxSwdUizke2A==
expires
Tue, 29 Mar 2022 17:04:11 GMT
museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-51a4"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20900
x-amz-cf-id
-7Sx0PHO88Xcw-KS-en8oDzvg1KumCmn3ZV7g9qq-07IIjhD6vSG6g==
museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-50c8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20680
x-amz-cf-id
mgYHv2FpIuib7yxzr1O36e5ustcTzZXvLFY-E48n_G8mxHgjDEcUOg==
museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a938-51b8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20920
x-amz-cf-id
jHH1ikh4s5TFR4hFuzWM5pzB89mMlTZlq1i3qStauY4OPBJJhvyd9g==
museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-5194"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20884
x-amz-cf-id
LKKGE2nBIpWKdQnrOcj_pdZSs3MG6ak60WYyqwUfkFRp1JckcgIsKA==
Lisa-Vaas-Headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/Lisa-Vaas-Headshot.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 20 Jan 2022 01:12:27 GMT
via
1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Tue, 25 May 2021 13:37:34 GMT
server
AmazonS3
age
5327505
etag
"78f8fd88850c65941db84cb8bf0d741d"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1, FRA56-P6
accept-ranges
bytes
content-length
18649
x-amz-cf-id
gpWqhhX3KF4ieMWWzEyyuegFZFPeHuCL7FMXGMc66YycThaefp16BQ==
expires
Wed, 25 May 2022 13:37:32 GMT
museosans-500italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-5c74"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
23668
x-amz-cf-id
9u55RR5K71DhEc4ylTipPipGMJ1AEACeIKWDMB8CEsG-idxgTr-7Yg==
Cuba-ransomware-shaming-site-e1645809565513.png
media.threatpost.com/wp-content/uploads/sites/103/2022/02/25121905/ 		651 KB
652 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/25121905/Cuba-ransomware-shaming-site-e1645809565513.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
91afa3567aa884da17309a3ff01218ae433c620505a481368f7be1c67d811f5f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 19:48:12 GMT
via
1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Fri, 25 Feb 2022 17:19:26 GMT
server
AmazonS3
age
2150160
etag
"fb03f9f4ed3b64032d7d824596000ee2"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA56-P6
accept-ranges
bytes
content-length
666636
x-amz-cf-id
mmjAJiw1ydL-JkT4twc_0SdLRcyejJ513uM-sAWmRW_yu7kWkSHVPg==
expires
Sat, 25 Feb 2023 17:19:25 GMT
cuba-ransomware-victims-per-country-e1645809655324.png
media.threatpost.com/wp-content/uploads/sites/103/2022/02/25122040/ 		268 KB
269 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/25122040/cuba-ransomware-victims-per-country-e1645809655324.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9b853de5258c4463d4c0326efe8a7523adb2705e0609e7a9dd33757d2c398812

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 19:48:18 GMT
via
1.1 32c8da10203574baccb74b8f771a7ffa.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Fri, 25 Feb 2022 17:20:56 GMT
server
AmazonS3
age
2150154
etag
"b73f92ef233e3d91218d32399b879000"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA56-P6
accept-ranges
bytes
content-length
274410
x-amz-cf-id
QdLGplQ_P3cVIA3TJfh4JFFU-7_NGZCM3X1mnwxPHhxTdh9jFZJkvQ==
expires
Sat, 25 Feb 2023 17:20:55 GMT
14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 08 Mar 2022 15:57:05 GMT
via
1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Tue, 01 Mar 2022 20:47:09 GMT
server
AmazonS3
age
1213627
etag
"502f5a6c66ba05c0831f656eb6cc29dd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2, FRA56-P6
accept-ranges
bytes
content-length
2476
x-amz-cf-id
NA1b5luC8QzaUiwBNC0jO6hhqnQVna_moHsOObLq5a8gK4RoRMADEw==
expires
Wed, 01 Mar 2023 20:47:08 GMT
checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 18:49:28 GMT
via
1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Tue, 19 Oct 2021 14:09:44 GMT
server
AmazonS3
age
2153684
etag
"14bf40c9dffffaec5cd1337f170dac93"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA56-P6
accept-ranges
bytes
content-length
2112
x-amz-cf-id
_tyYMzvkMZmvQloWdwz-fsdRKgxkNaNZ0rJM4Bsqfo6bEqnknUem5w==
expires
Wed, 19 Oct 2022 14:09:43 GMT
5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 24 Feb 2022 21:12:50 GMT
via
1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Wed, 16 Feb 2022 14:21:42 GMT
server
AmazonS3
age
2231482
etag
"8d2fd78b5abc332b1098cc4de81608b9"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA56-P6
accept-ranges
bytes
content-length
1940
x-amz-cf-id
HiJWMZ0Q21T2jnYd2uvgRLSKDh24drmDtx2p-jxPoJcKknrqUJ02Eg==
expires
Thu, 16 Feb 2023 14:21:40 GMT
nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 21:08:04 GMT
via
1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Wed, 29 Sep 2021 15:27:43 GMT
server
AmazonS3
age
3527768
etag
"6d0d1a22dbbe088376115135bb5be675"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA56-P6
accept-ranges
bytes
content-length
2337
x-amz-cf-id
UUprWTLF3aiLVCy-GElLday8H1zMdp1E1j9eSR6mbbOVdj1dokqMBQ==
expires
Thu, 29 Sep 2022 15:27:42 GMT
mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		828 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a938-33c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
828
x-amz-cf-id
r9H1gekzbWUQwZsHgAP3DcHVjwiAfXV08I5N1QvHnRmT88enHps1hw==
museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-3dcc"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
15820
x-amz-cf-id
pyFilVcxPEjMeY4HNp-ElTcQImWShJPN-eVxVnbHuwLJsPd2tdvQWQ==
player.css
cds.connatix.com/p/155403/ 		56 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/player.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9310c3290722edb39dfc8e9065d9b52f8629a7d969e42868f0eac42b9b7edf3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
29233
etag
"a69488f3f35ac4bbb9526cd82833f6e9"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8634
mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		812 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-32c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
812
x-amz-cf-id
FO9LXnE8DU3ASIS0ZFaeiC0R4BbVag7lyVjflnaAbDy23y2VAS_KCg==
logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
public
date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a938-260a"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
9738
x-amz-cf-id
2qWO-z5zXEW_Wee__ZofYvdiDAfNIp5ehbDCA2_Zq9eSC51vL3Q_mQ==
expires
Tue, 29 Mar 2022 17:04:11 GMT
Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9000:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 04 Feb 2022 18:59:05 GMT
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Fri, 04 Feb 2022 14:52:59 GMT
server
AmazonS3
age
3967507
etag
"8b8e89e4e306930920312db10e2c0dbf"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA56-P6
accept-ranges
bytes
content-length
2455
x-amz-cf-id
7fCWt-1xbH_hG9l7fkBVCzHqscZUAsJKjK8-zxM-C8HGKaEFvjcitw==
expires
Sat, 04 Feb 2023 14:52:57 GMT
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 05 Feb 2022 22:56:33 GMT
content-encoding
gzip
age
3866858
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
h906jHkkzFYWV7ybe5QwCysS2ECnRoxMt-ZS88ZyLO1K5ojtCBxS0A==
bl-01880f1-bba75783.js
tagan.adlightning.com/math-aids-threatpost/ 		43 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9497a4969d4b9f7ef88f6826a448db2639cc888b32b975798c541dcac895358

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:41:58 GMT
content-encoding
gzip
age
12134
x-cache
Hit from cloudfront
content-length
18625
x-amz-meta-git_commit
01880f1
last-modified
Tue, 22 Mar 2022 13:33:38 GMT
server
AmazonS3
etag
"5a11b117d1a5792b8eefa140d05f4514"
x-amz-version-id
1Cypxj6R6vOo5NSCX6LW51PFJwpw9iWK
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
NH6ZFjbZFZaaZFaMhNPUMToJ_1bTajuNclU1nx4-gud00pepiQGu_Q==
vendor-list.json
qd.admetricspro.com/js/cmp2/ 		256 KB
38 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 31 May 2021 16:54:38 GMT
server
cloudflare
etag
W/"3ffae-5c3a314b5dcb2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2FNnzrh6yn5gXFfoWSGP%2FsYztrvJszNggyEXkloOTsF2LLii%2FEQQcAP8An7kSvzriQfGdEW9sjx2BcRSn1tuBLGEcwEh%2Ftn5eooyZDlgZ5pmGVLPhm4UAGlduYH31MmPhbeBwUpUn2kdlzhnCx1ru%2FRp"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
6f0081457cb79128-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 22 Mar 2022 17:14:11 GMT
pls
capi.connatix.com/core/ Frame 71BB 		12 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi.connatix.com/core/pls?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2e3e31715f10527d0363b739d9da4c196cad279ba07ef9fba7230d3f0c17f7c2

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
5593
recaptcha__en.js
www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/ 		357 KB
141 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41a65d5276c8d1b2c5f16f1a833a45e0a4882516f806938c340b6a93fb7a25bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:23:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13235
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143864
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 04:02:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 13:23:36 GMT
pubads_impl_2022031601.js
securepubads.g.doubleclick.net/gpt/ 		365 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:00:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
205
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126823
x-xss-protection
0
last-modified
Wed, 16 Mar 2022 08:34:12 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 22 Mar 2023 17:00:46 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		141 B
737 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101
x-xss-protection
0
expires
Tue, 22 Mar 2022 17:04:11 GMT
config
c.amazon-adsystem.com/cdn/prod/ 		662 B
1019 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:00:56 GMT
via
1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
server
Server
age
10995
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-P5
content-length
662
x-amz-cf-id
P3fJpbW9nn3K744Jzi6Pz-PRsqs8TlgHICF4J06exrOsWzX-hc3IMQ==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
44655
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
date
Tue, 22 Mar 2022 17:04:11 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
ixNVa2CA8FU28qwmM0C4ee3L9kkedVkRy5cqBKuVZGrUsd9KHDw8oA==
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-219-144.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Tue, 22 Mar 2022 17:19:11 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.202.126 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cacheable
Matched cache
x-cdn-pop-ip
137.74.120.0/27
date
Tue, 22 Mar 2022 16:34:03 GMT
content-type
text/javascript;charset=utf-8
cache-control
max-age=3600
x-cdn-pop
sbg
content-disposition
attachment;filename="id5-api.js"
accept-ranges
bytes
content-length
11181
x-request-id
1057293697
recaptcha__de.js
www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/ 		360 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/zLD1nfkNCJC1kEswSRdSyd-p/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b7aaea908b866c1619b9bf156a002c22b717a771bf22d9a2965151f9cf969670
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:38:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1519
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
145350
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 04:02:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 16:38:52 GMT
id
dpm.demdex.net/ 		368 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1647968651356
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.251.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-251-128.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
48f684b1c6a0f325b1267cc4eaa3deb616fee0fa45bb860ee8901a45010dfaa3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v030-004bed570.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
aEdUVS8/Rn8=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
311
Expires
Thu, 01 Jan 1970 00:00:00 UTC
blockedDomains_6.bin
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 71BB 		88 B
326 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_6.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7ee7be21d91af71ca9589c2044eb2f4666ac9f7427e73c6dea7d4d0d870b8af4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 17:33:26 GMT
age
1207774
etag
"1f2b4300f4f8d9e0c60e2712121468eb"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
90
sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		82 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
ed54c622898162bdb56dfb1bf5471c977b401a911a270ce95fd26299e33a6593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27962
x-xss-protection
0
server
sffe
etag
"1165 / 791 of 1000 / last-modified: 1647965886"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 22 Mar 2022 17:04:11 GMT
4_media.bin
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/ Frame 71BB 		564 B
432 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/4_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
000534b93b673a9f7011852121ebf219825ee163bc363e325cd186701ae8c2ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 19:07:21 GMT
age
99041
etag
"70df3a2b99ff1e2acba37a1eb6ba6eba"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
342
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 71BB 		371 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e3f824116bf1ec3acc0dd7c003055cfb201ab314633e5874a4c4df752bfa018
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126251
x-xss-protection
0
expires
Tue, 22 Mar 2022 17:04:11 GMT
1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
age
1763648
etag
"CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age
86400
fastly-io-info
ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
6487
gtm.js
www.googletagmanager.com/ 		422 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1a269646d629d1fd1ceb7a14b095140b058d573222ceea941042fa2342de9b4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108135
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 22 Mar 2022 17:04:11 GMT
localstore.js
script.4dex.io/ 		483 B
945 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
28096
x-amz-request-id
tx936e37cd1550438eac0ae-00623993ca
x-amz-id-2
tx936e37cd1550438eac0ae-00623993ca
last-modified
Tue, 22 Mar 2022 09:15:21 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2l%2FrFN95suttyg2SmHfqNw%2FKxN5soxPxIRLR%2B9iQZg5rb703cN8h4UpsP2vUb%2FeEUyXDZwvE6uvixzAaIH%2BzvxQIUY7f%2BVZ1YXjUDdJfzWciIeqiEREyMGBevKgvp5%2FgIT3Mbq2M9ZhgF3lY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1647940521027959
cf-ray
6f0081484a149119-FRA
724.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.195.5.232 , France, ASN16276 (OVH, FR),
Reverse DNS
p15.id5-sync.com
Software
/
Resource Hash
1519e74bee985af48ce5e93e81b74e7093d6051c716833ed06264abbbdef89c2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Date
Tue, 22 Mar 2022 17:04:10 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
bid
c.amazon-adsystem.com/e/dtb/ 		64 B
531 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&pr=https%3A%2F%2Ft.co%2F&pid=0TcF6BNQBI735&cb=0&ws=1600x1200&v=7.74.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P5
x-amz-rid
4V6JS92TM6G1DAV85RXJ
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
r6bmFoBcqtuWIM7sDWo7S-zrSy20xJ2KnB1gjG1r893ni2_Nzqf6qQ==
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
3565
date
Tue, 22 Mar 2022 16:04:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 22 Mar 2022 18:04:46 GMT
quant.js
secure.quantserve.com/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 29 Mar 2022 17:04:11 GMT
uwt.js
static.ads-twitter.com/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
last-modified
Fri, 18 Mar 2022 17:03:16 GMT
etag
"8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
5410
x-served-by
cache-iad-kcgs7200054-IAD, cache-hhn11530-HHN
dest5.html
kaspersky.demdex.net/ Frame 4E81 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kaspersky.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.186.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-186-191.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Tue, 22 Mar 2022 17:04:11 GMT
DCS
dcs-prod-irl1-1-v030-0197a4123.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Tue, 15 Mar 2022 12:08:41 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
XcP5+hHoT4k=
Content-Length
2791
Connection
keep-alive
id
kaspersky.d3.sc.omtrdc.net/ 		2 B
316 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=18319297477328161013447771584748901028&ts=1647968651565
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7f6b754cd4-pdplf
vary
Origin
x-c
main-1629.I879dac.M0-556
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YjoBiwAAAE9XUwP0
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=16727263815370216312414514698637638910
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjoBiwAAAE9XUwP0
42 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjoBiwAAAE9XUwP0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Server
52.213.251.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-251-128.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v030-00570eae8.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Hp/bs2xORWQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjoBiwAAAE9XUwP0
Date
Tue, 22 Mar 2022 17:04:11 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
fastlane.json
fastlane.rubiconproject.com/a/api/ 		620 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=9d9590ad-2490-4b5c-84d0-d3b10391b9d7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3233591156704394
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
54a9e419219bd73c62f2a4bf2b8e33242551b41837fab5fa239992b39d4cfaad

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
620
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		618 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=d3182866-09cd-47ea-ad72-52ec8591cfc9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.596136934227157
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
6466791cf754e6da0d9d565e7bac368c4b3f769c50e9217e9fdd2f51ee64cc96

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
618
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		4 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=167a6200-7ad8-41ca-b66f-23000eddffc1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8500491441157345
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
be086712f6cae12fd0f4a95cb6b1b2cb6c569bc504516ecc05eb3be71a757aca

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
1927
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		618 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=167a6200-7ad8-41ca-b66f-23000eddffc1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6636496674699215
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
f953aa715cd5c236fc63ca2b6a4d41728b1fd5d6e3fcb787a3017350a353f9de

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:11 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
618
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ 		358 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4d4138094a66166c74f098ef434d802977ae5edcfdc1817917681e27fc245604
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:11 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
05a0de44-701b-43ab-b896-dd436089d9f3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
358
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.1.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
113 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.1.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
112 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.1.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-1-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
access-control-allow-credentials
true
vary
Origin
arj
teachingaids-d.openx.net/w/1.0/ 		174 B
589 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=9d9590ad-2490-4b5c-84d0-d3b10391b9d7%2C9d9590ad-2490-4b5c-84d0-d3b10391b9d7%2Cd3182866-09cd-47ea-ad72-52ec8591cfc9%2C167a6200-7ad8-41ca-b66f-23000eddffc1%2C167a6200-7ad8-41ca-b66f-23000eddffc1&nocache=1647968651591&gdpr=0&x_gdpr_f=1&pubcid=aa8aa6d2-da78-448b-bc3c-ae98aa9b52ea&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
0bdedf4de67a788512b33af8e500efd5405c93774e2a6675826141539e177902

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
OXGW/17.2.1
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
163
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
mp.4dex.io/ 		99 B
544 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28a8168af946fb062e331a3f3848657243206a4060a841dd6a69afd3a49d79c0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
6f008148d9159b5e-FRA
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
x-warn
Selecting bids. No selected bids
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
server
cloudflare
expires
0
adreq
ads.servenobid.com/ 		548 B
606 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/adreq?cb=7091
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
cd3767c9daaaaf6b31ba6dd8821d1cf09594ffdddb05a60b81d960aa4e2f44e9

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
auction
tlx.3lift.com/header/ 		19 B
466 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&tmax=1200&gdpr=false
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.87.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-87-92.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
accept-ch
sec-ch-width,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ect,sec-ch-downlink,sec-ch-rtt,sec-ch-ua-arch,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-viewport-height
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
291 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
792811a00eade422dc7f0b340a43724ad4577dd08b2887d63d1004706ede3acb

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
18869b437725dc8f2fb681c69779c0842803f75d9ea3c3ade5f8adbe180368a3

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
586d278cacddc631e76c607d451977f7be7ec1186b890a153ba403ad0b36ada6

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
mvo
tag.1rx.io/rmp/216477/0/ 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
bid
ap.lijit.com/rtb/ 		94 B
744 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
bf00b900c3cc8692e726772624db21f004d08605251e1cb84e716a48b3d0a7e3

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 22 Mar 2022 17:04:11 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
cygnus
htlb.casalemedia.com/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225152bd52db94bd8%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156%22%2C%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22525f615fd21d2b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2253a3a2175cfc395%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22548e714ce564f44%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
691caac6f6dff7d861775fc681453b85395bdbc549aa1355e445d6acc5513436

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[84.19.175.183], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
1136
x-ak-client-geo
12
expires
Tue, 22 Mar 2022 17:04:11 GMT
c
prebid.a-mo.net/a/ 		0
348 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
378
vary
origin, Accept-Encoding
v2
e.serverbid.com/api/ 		711 B
984 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
access-control-allow-credentials
true
content-length
711
vary
Origin
content-type
application/json
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/155403/ Frame 71BB 		162 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
last-modified
Tue, 22 Mar 2022 08:52:26 GMT
age
29234
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
724.json
id5-sync.com/g/v2/ 		213 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.195.5.232 , France, ASN16276 (OVH, FR),
Reverse DNS
p15.id5-sync.com
Software
/
Resource Hash
4df2735a9ad88a85c6ad203d1f1a2e677797e28afb4b4b4e540a32a6435db8da
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Date
Tue, 22 Mar 2022 17:04:10 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
adagio.js
script.4dex.io/ 		72 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
27194
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx6f2ea791109f4903a1561-0062399424
x-amz-id-2
tx6f2ea791109f4903a1561-0062399424
last-modified
Tue, 22 Mar 2022 09:15:19 GMT
server
cloudflare
etag
W/"f6062b9ed3c12dab430d5d33afafadb4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=369NbHXrPW5cIPxzQsH29Ch%2BpTRKbn6YOyxVg1lGKO%2B1CDE5sMH4Skr0wwHc5MzMWdsjvf7qel4%2BlPOBSxowkB%2F4BJ%2BPkATQtKdhYeC%2F1rEeJLr%2BDyc7mAyBdS%2Fskrk6p6Zn4pmRSlMxnoPR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1647940519211847
cf-ray
6f0081496c679974-FRA
access-control-allow-headers
Authorization
bridge3.506.0_en.html
imasdk.googleapis.com/js/core/ Frame BB58 		591 KB
192 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
196692
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 18 Mar 2022 20:25:13 GMT
expires
Sat, 18 Mar 2023 20:25:13 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 18 Mar 2022 20:22:23 GMT
content-type
text/html
age
333538
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 71BB 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Mar 2022 17:04:13 GMT
truncated
/ Frame 71BB 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/gif
bridge3.506.0_en.html
imasdk.googleapis.com/js/core/ Frame 6F68 		591 KB
192 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
196692
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 18 Mar 2022 20:25:13 GMT
expires
Sat, 18 Mar 2023 20:25:13 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 18 Mar 2022 20:22:23 GMT
content-type
text/html
age
333538
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.506.0_en.html
imasdk.googleapis.com/js/core/ Frame 197A 		591 KB
192 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.506.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
196692
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 18 Mar 2022 20:25:13 GMT
expires
Sat, 18 Mar 2023 20:25:13 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 18 Mar 2022 20:22:23 GMT
content-type
text/html
age
333538
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1318610405&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Microsoft%20Exchange%20Server%20Bugs%20Exploited%20by%20%27Cuba%27%20Ransomware%20Gang%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=856190754&gjid=2101852673&cid=1089484159.1647968652&tid=UA-35676203-21&_gid=2089365594.1647968652&_r=1&gtm=2wg3e0PM29HLF&z=668013034
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1318610405&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Microsoft%20Exchange%20Server%20Bugs%20Exploited%20by%20%27Cuba%27%20Ransomware%20Gang%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1089484159.1647968652&tid=UA-35676203-21&_gid=2089365594.1647968652&gtm=2wg3e0PM29HLF&z=697806783
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 12:37:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
15976
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame DEF1 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:25:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2323
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:25:28 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 71BB 		0
234 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?aot=ob&tte=f&lid=158&sdkv=h.3.506.0&e=44758348%2C44758374&id=ima_html5&c=1176466654127127&domain
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:11 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3AA8 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:25:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2323
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:25:28 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D315 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:25:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2323
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:25:28 GMT
rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/ 		2 B
345 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:07:15 GMT
via
1.1 0f58c45e6baa63e9e5e13528986aaf40.cloudfront.net (CloudFront)
server
AmazonS3
age
3415
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P7
content-length
2
x-amz-cf-id
BQoXmIU5ywl5ZO5KdpB5ht0PPAiLk469vJbLdnS9rj6zzFboRcTMbg==
ao
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 71BB 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
8525db5c5cd8da3a6cf7bf41edd870e664b509a6ea9ccb1671837e4cac845c67

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
836
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
492 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&pr=https%3A%2F%2Ft.co%2F&pid=0TcF6BNQBI735&cb=1&ws=1600x1200&v=7.74.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=1&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
via
1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P5
x-amz-rid
JTJKBH4MB6HV8ZX9NPCF
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
NEUDcqae9BGFfKlDq9pAD6RI3GYIHGJIPoZyc3bNyZH86mgtch_vcQ==
ps
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cd15fce4fea0424cb366fd9656840130ca1ed7fe60d4fd927e81da09c817efe0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
age
254912
etag
"PqL+097QdBoh8bcaDpxczLJmxbe+ojWcvhJkBWHN0iw"
access-control-max-age
86400
fastly-io-info
ifsz=93413 idim=2560x1440 ifmt=jpeg ofsz=9088 odim=400x225 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
8672
adsct
analytics.twitter.com/i/ 		31 B
459 B 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=6a5622d5-8f36-49b0-8e6e-28b207182e46&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time
110
date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
tsa_o
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
6f0e2696170fd74c2ff24f7dd7131c43fae55d239ba3314ce5655917a796355e
content-type
application/javascript;charset=utf-8
content-length
57
adsct
t.co/i/ 		43 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=6a5622d5-8f36-49b0-8e6e-28b207182e46&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time
111
date
Tue, 22 Mar 2022 17:04:11 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
252d7250d21680034bc456b813f2f392470c96aac7c399e147db89a6515de723
content-length
43
prebid6.7.0-1.js
cds.connatix.com/p/plugins/ Frame 2218 		456 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
br
last-modified
Wed, 09 Feb 2022 14:06:45 GMT
age
1835590
etag
"c647c6ead685f3c1b8ba4c8a5de1eb5a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
121193
collect
stats.g.doubleclick.net/j/ 		4 B
441 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=1089484159.1647968652&jid=856190754&gjid=2101852673&_gid=2089365594.1647968652&_u=YEBAAEAAAAAAAC~&z=1643442271
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 22 Mar 2022 17:04:12 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 		236 B
563 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
via
1.1 1b3f5dc0b3c577dc5e7394bf12aed238.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:01 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a939-ec"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
236
x-amz-cf-id
bdCjrJhhOo4pjDe7gGZ3izAA8dhyVGLoL_Wz_qi0JAbYwNkYelteoQ==
fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:f600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=816b5101
Origin
https://threatpost.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
last-modified
Fri, 18 Mar 2022 15:46:00 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
etag
"6234a938-12d68"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
77160
x-amz-cf-id
Fo9wjLD5XMX2Vvf78xJbA5xwpPLqmQBG-epqnV9el-jwH-MWzodInA==
v1
geo.ipify.org/api/ 		385 B
599 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),
Reverse DNS
threatintelligenceplatform.com
Software
nginx /
Resource Hash
bc09f410bee268466a27e0c698d45192d5f24b6f099fe434ca49d045690857e4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
playlist.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/ Frame 71BB 		309 B
272 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/playlist.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 19:07:21 GMT
age
104583
etag
"8a966507b13615ecdc1330a4bc9dcfe1"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
164
truncated
/ Frame 6F68 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/gif
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1089484159.1647968652&jid=856190754&_u=YEBAAEAAAAAAAC~&z=1432375699
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=1089484159.1647968652&jid=856190754&_u=YEBAAEAAAAAAAC~&z=1432375699
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/ Frame 71BB 		663 B
366 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/0.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0bfedb04af9d9d5a5b3854e8d0b725055afc75cbd354233154419aabfef86182

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 19:07:20 GMT
age
104581
etag
"d1d2eb82745f471ef693b83434131ca0"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
274
avjp
teachingaids-d.openx.net/v/1.0/ Frame 2218 		106 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=6ef56f21-cc0d-4edc-b383-90a391ec997e&nocache=1647968652324&gdpr=0&pubcid=8c46dcb1-a3f5-432d-9bd7-8037f979c723&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
via
1.1 google
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame 2218 		106 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=9c38351c-3bd5-4670-8eb8-6eddb8e1dd17&nocache=1647968652328&gdpr=0&pubcid=8c46dcb1-a3f5-432d-9bd7-8037f979c723&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
via
1.1 google
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame 2218 		0
215 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.249.59 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-249-59.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
mvo
tag.1rx.io/rmp/216475/0/ Frame 2218 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
prebid
ib.adnxs.com/ut/v3/ Frame 2218 		139 B
829 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
b3428e41fe5542b09a67df3642b7f1644ff146dc305bc1b02e561785ce6ce2cb
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:12 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
aec21eda-1b54-4ed4-953d-d272045f6f7d
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c
prebid.a-mo.net/a/ Frame 2218 		0
229 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
214
vary
origin, Accept-Encoding
translator
hbopenbid.pubmatic.com/ Frame 2218 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
mvo
tag.1rx.io/rmp/233098/0/ Frame 2218 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
cygnus
htlb.casalemedia.com/ Frame 2218 		37 B
330 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%22179797bd069a792%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22187074fd1fbcb7b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22d1dea3f0-65fa-4cd0-9ce2-aa7086f0c3ee%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%228c46dcb1-a3f5-432d-9bd7-8037f979c723%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1e8faae2a140d61541f0a6ab2f253a981e56ce2d03ab8c90e7fcc70398bb1921

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[84.19.175.183], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Tue, 22 Mar 2022 17:04:12 GMT
mvo
tag.1rx.io/rmp/233148/0/ Frame 2218 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
translator
hbopenbid.pubmatic.com/ Frame 2218 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Tue, 22 Mar 2022 17:04:11 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
mvo
tag.1rx.io/rmp/216476/0/ Frame 2218 		0
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
cygnus
htlb.casalemedia.com/ Frame 2218 		37 B
330 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%222584df26469e85b%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2226a9559fb43cb24%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22d1dea3f0-65fa-4cd0-9ce2-aa7086f0c3ee%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%228c46dcb1-a3f5-432d-9bd7-8037f979c723%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-38-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3a09ed3cebf7bca4c4bdfd98a02b1a4f52de2e1358c4ce912ccfca58bf2e3473

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[84.19.175.183], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Tue, 22 Mar 2022 17:04:12 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 2218 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
c53d0656ecd4cf25ee7c34f78c8f5393cb2f58d5295aca093966082d4e5e2922
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:12 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
5009e2f1-98c5-4635-beff-9cfe7a54510d
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel;r=1443719179;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156;ref=https%3A%2F%2Ft.co%2F;uht=2...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1443719179;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156;ref=https%3A%2F%2Ft.co%2F;uht=2;fpan=1;fpa=P0-1193366930-1647968652376;pbc=8c46dcb1-a3f5-432d-9bd7-8037f979c723;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1647968652375;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2022%2F02%2F25140208%2FCastr%2Ctype.article%2Ctitle.Microsoft%20Exchange%20Server%20Bugs%20Exploited%20by%20'Cuba'%20Ransomware%20Gang%2Cdescription.The%20ransomware%20gang%20known%20as%20Cuba%20is%20increasingly%20shifting%20to%20exploiting%20Exchang%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F68 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?aot=ib&tte=f&lid=158&sdkv=h.3.506.0&id=ima_html5&c=4050227070911873&domain=threatpost.com
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F68 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?blob=nullPromise&lid=155&sdkv=h.3.506.0&id=ima_html5&c=4050227070911873&domain=threatpost.com
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/ Frame 71BB 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bc0d86e571cbeec18addc5cc8aff1d56fd8578c9b786d63959f5920d39a4a9ef

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=0-1361

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
last-modified
Thu, 25 Feb 2021 19:07:20 GMT
fastly-original-body-size
1048576
age
60531
etag
"ebf67fc0670047f95a6ee1cc45de537f"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 0-1361/5532983
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1362
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/ Frame 71BB 		684 KB
685 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
99946091c7fac1b214395c8184a5528f35b657816e109f08269492755904602d

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=1362-701914

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
last-modified
Thu, 25 Feb 2021 19:07:20 GMT
fastly-original-body-size
1048576
age
60531
etag
"ebf67fc0670047f95a6ee1cc45de537f"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 1362-701914/5532983
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
700553
web-vitals.umd.js
unpkg.com/web-vitals@2.1.4/dist/
Redirect Chain
  • https://unpkg.com/web-vitals
  • https://unpkg.com/web-vitals@2.1.4
  • https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js
5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/web-vitals@2.1.4/dist/web-vitals.umd.js
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52cac1193a3683e35353723a38e01a9bcc0c5f9bf2be42d29c96905527c7923d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
5237505
fly-request-id
01FSX6G4BV26459PNH2WD5M7Q3
content-encoding
br
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"120b-0F8cYs4ysxGP6ebngBlASGivDqM"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6f00814f0d829960-FRA

Redirect headers

date
Tue, 22 Mar 2022 17:04:12 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01FSXAPQCR787H8XM1CH5RFGZ6
server
cloudflare
age
5233094
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
location
/web-vitals@2.1.4/dist/web-vitals.umd.js
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6f00814eacb59960-FRA
access-control-allow-origin
*
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1318610405&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&dr=https%3A%2F%2Ft.co%2F&dp=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ul=en-us&de=UTF-8&dt=Microsoft%20Exchange%20Server%20Bugs%20Exploited%20by%20%27Cuba%27%20Ransomware%20Gang%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=1455640793&gjid=379296890&cid=1089484159.1647968652&uid=18319297477328161013447771584748901028&tid=UA-63997723-2&_gid=2089365594.1647968652&_r=1&gtm=2wg3e0WZ7LJ3&cd14=no_locale&cd15=18319297477328161013447771584748901028&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36&cd16=1089484159.1647968652&z=1623125190
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
3566
date
Tue, 22 Mar 2022 16:04:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 22 Mar 2022 18:04:46 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:fb::5f65:58e0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:12 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 23:45:34 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=76008
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3104
js
www.googletagmanager.com/gtag/ 		89 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9582686
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
18723c0affc96643eb764a47d0beb6f0b00028759cac15d69b9b480ba8756866
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36564
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 22 Mar 2022 17:04:12 GMT
g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:11 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=1089484159.1647968652&jid=1455640793&uid=18319297477328161013447771584748901028&gjid=379296890&_gid=2089365594.1647968652&_u=aEDAAEABAAAAAC~&z=532085952
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 22 Mar 2022 17:04:12 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		170 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e2b3dac20813dbe78bbb7660dc82b2d319f554f6633bef620a70df1fd17fa80a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64306
x-xss-protection
0
expires
Tue, 22 Mar 2022 17:04:12 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		58 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4273038097581862&correlator=3227318434021092&eid=31065613%2C31063247%2C31065654%2C31064019&output=ldjh&gdfp_req=1&vrg=2022031601&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&sfv=1-0-38&ecs=20220322&ists=1&fas=0%2C0%2C0%2C0%2C8&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_ix%3D65b0c2003463c51%26hb_bidder_ix%3Dix%26dyn_bids%3D0.01%26hb_adid%3D65b0c2003463c51%26hb_bidder%3Dix%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_adid_rubicon%3D64f510053872e43%26hb_bidder_rubicon%3Drubicon%26dyn_bids%3D0.21%26hb_adid%3D64f510053872e43%26hb_bidder%3Drubicon%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fmicrosoft-exchange-exploited-cuba-ransomware%252F178665%252F%26urlquery%3Dgoogfc%26contentid%3D178665%26category%3Dmalware-2%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1647968652560&lmt=1647968652&dlt=1647968649731&idt=1762&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0%2C-9&adys=8%2C166%2C899%2C8%2C-9&oid=2&ucis=1%7C2%7C3%7C4%7C5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&msz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&fws=0%2C0%2C0%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0&ga_vid=1089484159.1647968652&ga_sid=1647968653&ga_hid=1318610405&ga_fc=true&btvi=0%7C0%7C0%7C0%7C-1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
305b314447da6ffa4a2e1c102e41ac656be7b329d07eb49abb3eb70aac5f0a8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11599
x-xss-protection
0
google-lineitem-id
5792876106,5792816763,5697900663,-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138364533266,138364955038,138350331414,-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		13 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ed3e5be0acdbc20fe5841a6046856a2e2b6be961d7541534f0654c82487a5140
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10319
x-xss-protection
0
container.html
048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1758 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Tue, 22 Mar 2022 17:04:12 GMT
expires
Wed, 22 Mar 2023 17:04:12 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pubads_impl_page_level_ads_2022031601.js
securepubads.g.doubleclick.net/gpt/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022031601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
sffe /
Resource Hash
36d48b0e122a1698e9501ed19b684dbc79d0e754d3ce390183d9f21433fb82eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 16:53:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
519043
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13275
x-xss-protection
0
last-modified
Wed, 16 Mar 2022 08:34:12 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 16 Mar 2023 16:53:29 GMT
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1089484159.1647968652&jid=1455640793&_u=aEDAAEABAAAAAC~&z=866783093
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=1089484159.1647968652&jid=1455640793&_u=aEDAAEABAAAAAC~&z=866783093
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1647968652582%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmicro...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&liSync=...
0
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&liSync=true&e_ipv6=AQK_Q4PFsgef0gAAAX-ylg9zPIIXN2KPJgpMEVanimRy75oVCUXEVX01Nrupz8Irm4vV9X3D06JsFLXACh81iHzOKcWb8w
Protocol
H2
Server
13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: B7268F5AD2FB4686A0E90D0E4B83A679 Ref B: VIEEDGE2715 Ref C: 2022-03-22T17:04:13Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa0ZowqQWGD+TTctt3yA==
x-li-fabric
prod-lor1

Redirect headers

date
Tue, 22 Mar 2022 17:04:12 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 6E77CD171D3C443CAC55F6684CFBCCB7 Ref B: FRAEDGE1110 Ref C: 2022-03-22T17:04:13Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647968652582&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&liSync=true&e_ipv6=AQK_Q4PFsgef0gAAAX-ylg9zPIIXN2KPJgpMEVanimRy75oVCUXEVX01Nrupz8Irm4vV9X3D06JsFLXACh81iHzOKcWb8w
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa0ZosFQMGozUq6JORtA==
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/ Frame 71BB 		678 KB
678 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/ef307068-0463-4e5f-834a-5a5b2fa0c2c2/420c8e20-44a8-4f63-b6b7-d7d274ec53c4_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/155403/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9fd852bccb255cff4e7127941e55802da997f77a45e91de2c22658e204714d3d

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=701915-1395688

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
last-modified
Thu, 25 Feb 2021 19:07:20 GMT
fastly-original-body-size
1048576
age
60531
etag
"ebf67fc0670047f95a6ee1cc45de537f"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 701915-1395688/5532983
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
693774
activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-excha...
9582686.fls.doubleclick.net/ Frame 209F
Redirect Chain
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exc...
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=...
783 B
542 B 		Document
General
Check archive.org
Download Go to
Full URL
https://9582686.fls.doubleclick.net/activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
cafe /
Resource Hash
52423131f99541e0a3cf300f660d657022ac546469ac4c6301ea91abf915a4c7
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 22 Mar 2022 17:04:12 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
517
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 22 Mar 2022 17:04:12 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://9582686.fls.doubleclick.net/activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
mq
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/mq?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:12 GMT
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe3e0&_p=1318610405&sr=1600x1200&ul=en-us&cid=1089484159.1647968652&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&dr=https%3A%2F%2Ft.co%2F&dt=Microsoft%20Exchange%20Server%20Bugs%20Exploited%20by%20%27Cuba%27%20Ransomware%20Gang%20%7C%20Threatpost&sid=1647968652&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20microsoft-exchange-exploited-cuba-ransomware%2F178665&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=18319297477328161013447771584748901028
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6FEF 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Tue, 22 Mar 2022 17:03:31 GMT
expires
Wed, 22 Mar 2023 17:03:31 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
41
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 41B7 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5572b134dbd94f6c9a2a848ec54441904efbbe567c902610c7d83803d847aafa
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Llg5ZKPuwloD5A1Fe3T8PQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Tue, 22 Mar 2022 17:04:12 GMT
date
Tue, 22 Mar 2022 17:04:12 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-Llg5ZKPuwloD5A1Fe3T8PQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s99200673017662
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 		43 B
245 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s99200673017662?AQB=1&ndh=1&pf=1&t=22%2F2%2F2022%2017%3A4%3A12%202%200&mid=18319297477328161013447771584748901028&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20microsoft-exchange-exploited-cuba-ransomware%2F178665&g=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&r=https%3A%2F%2Ft.co%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20microsoft-exchange-exploited-cuba-ransomware%2F178665&v9=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220317%3A287%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F&v35=https%3A%2F%2Ft.co%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Microsoft%20Exchange%20Server%20Bugs%20Exploited%20by%20%27Cuba%27%20Ransomware%20Gang%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=18319297477328161013447771584748901028&v116=1089484159.1647968652&v125=0.1021273963315894_1647968651359&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
x-content-type-options
nosniff
x-c
main-1629.I879dac.M0-556
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 23 Mar 2022 17:04:12 GMT
server
jag
xserver
anedge-7f6b754cd4-9nj4p
etag
3538985734049759232-4619676364337896263
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 21 Mar 2022 17:04:12 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 41B7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031601&jk=4273038097581862&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
c9SOW3fm-cIOlp3tvRsibzkEuEO1MqMyQpfRRVluBWQ.js
pagead2.googlesyndication.com/bg/ Frame 6FEF 		35 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/c9SOW3fm-cIOlp3tvRsibzkEuEO1MqMyQpfRRVluBWQ.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73d48e5b77e6f9c20e969dedbd1b226f3904b843b532a3324297d145596e0564
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:00:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
204
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13819
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 17:00:49 GMT
dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploi...
adservice.google.com/ddm/fls/i/ Frame 0E7E 		782 B
539 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Requested by
Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a60524bc2a69ac0775f978a67d221fa8074a484e1733eb15b2aef2b17437b58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://9582686.fls.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 22 Mar 2022 17:04:13 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
516
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
generate_204
tpc.googlesyndication.com/ Frame 6FEF 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?7oVgog
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
bl-01880f1-bba75783.js
tagan.adlightning.com/math-aids-threatpost/ Frame 6EB0 		43 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9497a4969d4b9f7ef88f6826a448db2639cc888b32b975798c541dcac895358

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:41:58 GMT
content-encoding
gzip
age
12136
x-cache
Hit from cloudfront
content-length
18625
x-amz-meta-git_commit
01880f1
last-modified
Tue, 22 Mar 2022 13:33:38 GMT
server
AmazonS3
etag
"5a11b117d1a5792b8eefa140d05f4514"
x-amz-version-id
1Cypxj6R6vOo5NSCX6LW51PFJwpw9iWK
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
-AYMH-GcLR2h48iaIF3xwpO7O-NhatnKSDO7GAoD-8PBWA11okyhFg==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 6EB0 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 05 Feb 2022 22:56:33 GMT
content-encoding
gzip
age
3866860
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
sX1-EDT7CmRaxZPSsyBF5gHYRj_-2E164ZgarDl4ojgc7JchWXnbHw==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 6EB0 		156 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
86ae68aea16cebbd7a8214dea5ee65c4316b52c4b231d4082f238c25f1be4064
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54713
x-xss-protection
0
server
cafe
etag
13629547279407696417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 17:04:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6EB0 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:13 GMT
bl-01880f1-bba75783.js
tagan.adlightning.com/math-aids-threatpost/ Frame 44BD 		43 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9497a4969d4b9f7ef88f6826a448db2639cc888b32b975798c541dcac895358

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:41:58 GMT
content-encoding
gzip
age
12136
x-cache
Hit from cloudfront
content-length
18625
x-amz-meta-git_commit
01880f1
last-modified
Tue, 22 Mar 2022 13:33:38 GMT
server
AmazonS3
etag
"5a11b117d1a5792b8eefa140d05f4514"
x-amz-version-id
1Cypxj6R6vOo5NSCX6LW51PFJwpw9iWK
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
xehL7FfTU-f594AdMzoVIg8WlHjttJN8cOzhE3LQU1fCllLPS54oxg==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 44BD 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 05 Feb 2022 22:56:33 GMT
content-encoding
gzip
age
3866860
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Qx_aGA4wKtAk0bPHLSPTKWIlMCOOEPs0DFkbted7DfLd9IxbRS6dgw==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 44BD 		156 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fec7809f7eaf8060a7b8ca2ad29a622f558d341527e5fc585ef4ac9c3344c19a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54715
x-xss-protection
0
server
cafe
etag
147616920267374940
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 17:04:13 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 44BD 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:13 GMT
bl-01880f1-bba75783.js
tagan.adlightning.com/math-aids-threatpost/ Frame 3EE0 		43 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-01880f1-bba75783.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9497a4969d4b9f7ef88f6826a448db2639cc888b32b975798c541dcac895358

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:41:58 GMT
content-encoding
gzip
age
12136
x-cache
Hit from cloudfront
content-length
18625
x-amz-meta-git_commit
01880f1
last-modified
Tue, 22 Mar 2022 13:33:38 GMT
server
AmazonS3
etag
"5a11b117d1a5792b8eefa140d05f4514"
x-amz-version-id
1Cypxj6R6vOo5NSCX6LW51PFJwpw9iWK
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
dzudWdIiWwUZhcQB--mhRDxcTlwCRH_cwY3blk5NkfrYNPTf1usSqQ==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 3EE0 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-139-84.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 05 Feb 2022 22:56:33 GMT
content-encoding
gzip
age
3866860
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA60-P4
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
elNiE_RnVknQ9DQUXOdB-Izu3kXD33PSIqWvyRPsonE6xXjIcm_-sw==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3EE0 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:13 GMT
dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploi...
adservice.google.de/ddm/fls/i/ Frame B38B 		194 B
199 B 		Document
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CL-_mNGZ2vYCFRcuGwodZ24PIA;src=9582686;type=globalc;cat=globa0;ord=7383836121686;gtm=2od3e0;auiddc=2004574560.1647968653;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F;u6=;u7=18319297477328161013447771584748901028-1089484159.1647968652;u9=_microsoft-exchange-exploited-cuba-ransomware_178665_;~oref=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adservice.google.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 22 Mar 2022 17:04:13 GMT
expires
Tue, 22 Mar 2022 17:04:13 GMT
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
177
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
view
securepubads.g.doubleclick.net/pcs/ Frame 6EB0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstJRVd5g31jQ500-xAAXRmAjz1mI81I73H5P3r9ywQvIvYNS0SLcojJL44IdhW671UwdZ_QW4v7S-Rngb_FTmn_Bkc5tfUCyosKW_wSOnYNXpLW_lhm5FteoxxxAjbciSZaVeoLi7RMbDq-nGbghtbeBdjud9Rh5-qpb5MHxjgFlYrYx9riaCLuxYnKrARbkYlMACG6Ga83TtewgggLOfylYRsaHmRYpbWaocBvjG5I0Q-qTpcOQlTlQNPzcs0mdYPKUwEgYyU8eY1XBkN58XdNC3dTgDf7uv0eMro6_bhc2EnWvrM5BdI_TVS5kzBdpkYHSEx4&sai=AMfl-YTkUv9PjlX3mpvjN5Wv8sqNOJasFQnq_PjCxDOjMdtPxwA4BE7QXc0Vg_yeq_fIx8vruVczKSwB9xqSmWJijSUp8RliwM4HWLO7H37LVufbeWKW9KFEcMVjDbFd6Ygt&sig=Cg0ArKJSzEthfldYkLeLEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 22 Mar 2022 17:04:13 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 44BD 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss0i08yWFBYWcudxHaFXF-pj6BR4buYWAc0wFbu38jlPn3cj4-FlG4Qw88oXHu76EE6tZ5QsMPZb0_bBRmZ0DvueWVDSH8Cr19EnvbXJ_C6lShzOux5Z5PoV2UVtrLRNkEdrdyUbbY2-aA24J9n4eMy7JMGkFl-7mt3KyZS2BQKlvc217hXR-KlgWnsVQ7egDdmfhJklCq1wjuGZqzeWbKDrUAkWMdilZDNaEzqcZT3XFPuug3ht68X4E3ZSuE1zBScAym0Ob8ItxOWRaRhlyuffEUqVw7sZ8X2s2nayzg8EYWVr1Sv6EXLe1XA_dlFMqgxo4op&sai=AMfl-YQBh0_S15338DhLw7Kk3TKYjnZwgK9H4QDLGO8Obtih6Cg6109E9j1kP3K_TJaGwCKRAUUFUA39zPytoanhFc2d2q5b1uQy5NXn5mvZeukXfBIM0xsh4zNb9Y8KVxex&sig=Cg0ArKJSzOv8ErIXDtuDEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 3EE0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUonZh3Jx74wpLlYEi8ircygDEAMxS-pyHWP_Yg3DVaC9ix4BVxfzwdkkC6ETVsczQV6chygp7XpTITK_PCeXF07YZ-wZ_KoH-4p0C0T1GQ33ohLvbMJtTdYNFuKe8RMOXZzr6_mcbaoGdTLT08bDDlE3FURfBqqcgavBtx0hd2nMZuDwziwZwbKUVW8r_wqMHZAhI31--spqvrO_amiqtQ9gECzy9qoGssI6R3tnYiBkaJ7zRer6F7MM--wFtU4ITIV4TLvUYJpG8aoz9bGT4h1LuVSuehL0uviDtK2aqhEJsY51S7T4MZbm0m-xRPtmr1EJJ_A&sai=AMfl-YSPTUceCC8l5M6CJnvEzDuxriSJgxyTdISawD_PPxlU8Gkl8_Yd_0ujkahtE34qxZTWz8LSWcbB0ThbKcKETy4B9WCjaZlGef0iQP3KxcNGNtbfrWH4s9WoBhwxKxfx&sig=Cg0ArKJSzHD_cfKNt3twEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
js
tags.mathtag.com/notify/ Frame 3EE0 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvTVRnME1EYzBORGt0WlRreVlTMDBNakl6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMTUxODE1Nzg3MjEwMDA0NTYvMTAyNTQwMjEvMTEwOTU5ODEvOS9hb2FMVy1ieEdNQ3Q5NWt6RFBrUG1vUkFHdG5kS1hYVFR1QVhVc3NrTFlzLzEvOS8wLzAvMTg1MDc0Ny8wLzIyNjU4OS8xMTI2OTMxLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNTExNTE4MTU3ODcyMTAwMDQ1Ni96cmgvMC85OTc5LzYvOTk5LzIvMjAwMToxYjYwOjEwMTA6Oi8wLjAwMC8xNjQ3OTY4NjUxLzE2NDc5ODEyNTEvOS8xOTI1NC8/gMBcmbtorpW0sZHYO6cVdBJ1WDY&nodeid=2635&group=zrh&auctionid=5115181578721000456&shardkey=5115181578721000456&sid=11095981&cid=10254021&bp=a_cbebag&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.173&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2Fa75dac81-9466-4a3b-b545-f230b68983b3%2F
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.305.0 /
Resource Hash
bb649525d38068d2573d0f579a48c10d8353c061f8600ceaec5eb5831e603205

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1647968651
Last-Modified
Tue, 22 Mar 2022 17:04:11 GMT
Server
MMBD/3.305.0
x-mm-latency
15 (14)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
zrh-router-x25, zrh-bidder-x149
Connection
close
Content-Type
application/x-javascript; charset=UTF-8
Expires
Tue, 22 Mar 2022 17:04:12 GMT
a75dac81-9466-4a3b-b545-f230b68983b3
beacon-fra2.rubiconproject.com/beacon/d/ Frame 3EE0 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-fra2.rubiconproject.com/beacon/d/a75dac81-9466-4a3b-b545-f230b68983b3?oo=0&accountId=19254&siteId=300372&zoneId=1509506&sizeId=15&e=6A1E40E384DA563B0F82D808526AFA34FD775EA0B4AD048A2C1DE7CD9BD2460EDF0EEB7A3544726C3502C7FA0C39A788172DB22D3B21A9B5A505AAAE49DBDC8652A59F40E01BF5CD7C745B4570A46B3A6B51619D6F07682ECD60F05FCFFA7BA8934F9410960143224D94624B9DD1DF6A6783CE33B171D8FB743AC39ABE8F2776F8173AA165278123F6D3C10008731379EEC4B2C13E56150523A113333567533375797F1F9737B4E184C09700C36A70B5923AEAB1C60CE30FCDA10306204D320B
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::153 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:12 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/avif
Cache-Control
private, max-age=0, no-cache
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
01 Jan 1970 10:00:00 GMT
ck-confirm
tags.mathtag.com/ Frame 3EE0
Redirect Chain
  • https://tags.mathtag.com/notify/img?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvTVRnME1EYzBORGt0WlRreVlTMDBNakl6TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMTUxODE1Nzg3MjEwMDA0NTYvMTAyNTQwMjEvMTEwOTU5ODEvOS9hb2...
  • https://tags.mathtag.com/ck-confirm?bid_id=5115181578721000456&node_id=2635&exch_id=9
49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=5115181578721000456&node_id=2635&exch_id=9
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Server
185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.305.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
Server
MMBD/3.305.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
zrh-router-x44, zrh-bidder-x149
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Tue, 22 Mar 2022 17:04:12 GMT

Redirect headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
x-mm-bid-request-time
1647968651
Last-Modified
Tue, 22 Mar 2022 17:04:11 GMT
Server
MMBD/3.305.0
x-mm-latency
14 (14)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://tags.mathtag.com/ck-confirm?bid_id=5115181578721000456&node_id=2635&exch_id=9
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
zrh-router-x27, zrh-bidder-x149
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Keep-Alive
timeout=360
Content-Length
85
Expires
Tue, 22 Mar 2022 17:04:12 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203160101/ Frame 6EB0 		297 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7500593236707325&plah=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f613f6ee0f690f54eaac0aaf0848719bf61f6cf4cbc62e9fae71e13540d5b21d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
109610
x-xss-protection
0
server
cafe
etag
6219925997705072461
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 17:04:13 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220317/r20190131/ Frame 1228 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220317/r20190131/zrt_lookup.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4502
x-xss-protection
0
date
Mon, 21 Mar 2022 23:16:13 GMT
expires
Mon, 04 Apr 2022 23:16:13 GMT
cache-control
public, max-age=1209600
age
64080
etag
4044455266028820542
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 6EB0 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
959a32aa29a32e5580067baa9916638d03942863f257f008254d0a0379848359

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 44BD 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f3fb9a3c3e9feb0d4855d71ab7f9ec2f80003c83a714e5b74f96726b9c0ae8c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203160101/ Frame 44BD 		297 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7500593236707325&plah=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f613f6ee0f690f54eaac0aaf0848719bf61f6cf4cbc62e9fae71e13540d5b21d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
109610
x-xss-protection
0
server
cafe
etag
6219925997705072461
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 17:04:13 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 6EB0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsud971xHVYMiYGy0ydvjKyHiRXotJ4tUmaAG-LhT-fpP3pr4LCbh2W5V6s0BBCXHsbsMXGgU3FQE795yy_Z1g5gJCJLL7nSB-rpzP8y73QzSQ9lkL6B5i8jmnZVC1-hh61CNveAIo9y0M-e_S4jEzi8vcTY_oR0-HCbvreDo3k50llgfXy54bhEFGznKABsKs4QKIBAH4GkINx-ORlSXHrUbXbgv5A4383UdnOoC2C4RxrtX2T5nLw3bn6HhzKXz9bxLpeYQ-jZnu-NEiPpaW44xcK5plgKmls6hWooqFoVzkN-PpMOkN_WDZh2SoFAfPKDmVMLqQA&sai=AMfl-YQHx6xp_yc7WnZg9G8uV6PTUjRovXB6qB4j3IWc-M6pGqJ7FPWwbVxz7N0GUdTBu6t50Fkw2eBS_ci_UgQjWVTeWKDFnMiSoHn6uo7mSICSnWpM_FLXc9w_cJyaqSTQ&sig=Cg0ArKJSzFfs17eGUNH9EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 22 Mar 2022 17:04:13 GMT
anfzfndq19r8
hal9000.redintelligence.net/zone/ Frame 3EE0 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/anfzfndq19r8?subid=&gdpr=0&gdpr_consent=&rnd=5115181578721000456&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ruc&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Ddd86ca5188370aa2ae277d791c6f572d14606175_15%26mt_aid%3D5115181578721000456%26mt_id%3D10254021%26mt_adid%3D226589%26mt_sid%3D11095981%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_cid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2Fa75dac81-9466-4a3b-b545-f230b68983b3%2F%26redirect%3D
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.63.165 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.165.63.201.138.clients.your-server.de
Software
Apache /
Resource Hash
acd94635d3d4e525be70a94dd02b05d50c11cacab7bd792b8fe44e7956c95dd6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2961
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame 3EE0 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=5115181578721000456&node_id=2635&exch_id=9
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.305.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
Server
MMBD/3.305.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
zrh-router-x74, zrh-bidder-x149
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Tue, 22 Mar 2022 17:04:12 GMT
img
pixel.mathtag.com/event/ Frame 3EE0 		43 B
405 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=9&v2=5115181578721000456&v3=1126931&v4=11095981&v5=10254021&mt_nsync=1&no_attr=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 4281 354de82 master zrh-pixel-x28 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
Server
MT3 4281 354de82 master zrh-pixel-x28 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 17:04:12 GMT
img
tags.mathtag.com/event/ Frame 3EE0 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ruc&bid=5115181578721000456&st=11095981&time=1647968653&nodeid=2635
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.305.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:13 GMT
Server
MMBD/3.305.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
zrh-router-x36, zrh-bidder-x149
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Tue, 22 Mar 2022 17:04:12 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 6EB0 		12 B
247 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=threatpost.com&callback=_gfp_s_&client=ca-pub-7500593236707325&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 6EB0 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 6EB0 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C709 		26 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c25bf49c61f00bba07dbe379f040dcbf51b9eae7666da1843ca904340475faeb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 17:04:14 GMT
server
cafe
content-length
11656
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/ Frame 6EB0 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220317&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7500593236707325&plah=threatpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
159f3212e66e8f9ccb7d370ce7d1ce25d0db48d443fd05b3c8dba01bbca41da2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10516
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 44BD 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsulxGeZClsNUFlXML_wn0yEnsVyPUZIErbj-yD3JhH7C7rb5LB6zN3BPXg4ssIWbNYgKPyW8Pz0L44_-iTy15ghBbEHcRpRoQOip2u_R23qR3_KrRPHR0lqIVd0QKihNj0fuckG-iqqPYqxNoWg6X9mcTPpPt0aMd_RSd1KRKOSREdxt1LTa6tlmm2Evf1MUMwmpd0XdYzgzb6tLXiqQtZMdyEFlMz10YjfKHSoYgcJtUgDxDs2fsM8s9joUCSncyhCly5eiBWQMiYI4oBBi_2fHQ3xykEByzgWodB5Hw4AYZx_nMEEaS4af0vDKNP3swqp9MaW7dI&sai=AMfl-YQ4afTAPWQOIioXPWNQG-_I8p8F9ymDQR8Ne2eqGV8iRC6Q2ht0VnwirsChguji8GrD2dmuuckOuI5HE6ccMjeEp_yZUB4Z3OxrdXvPRukQuNxb3HBFh9wWJ0CpIaSM&sig=Cg0ArKJSzOIjYOCLQSJNEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 22 Mar 2022 17:04:13 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 44BD 		12 B
97 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=threatpost.com&callback=_gfp_s_&client=ca-pub-7500593236707325&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 44BD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 44BD 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6830 		29 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5dac1435bece8d11aac3600f01f8c4493a33efe86f9222649e1d18702200f1e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 17:04:14 GMT
server
cafe
content-length
12736
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/ Frame 44BD 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220317&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203160101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7500593236707325&plah=threatpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb27930784fb481d87869b25fb27303ebfae88d69b220424b3168fd6f76cbca9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10504
x-xss-protection
0
request.php
hal900028.redintelligence.net/ Frame 3EE0
Redirect Chain
  • https://hal900028.redintelligence.net/request.php?zone=anfzfndq19r8&nw=20&renderingType=javascript&namespace=2c878d31ee&subid=&uid=37bf87d1c0c21722&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900028.redintelligence.net/request.php?zone=anfzfndq19r8&nw=20&renderingType=javascript&namespace=2c878d31ee&subid=&uid=37bf87d1c0c21722&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
613 B
937 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900028.redintelligence.net/request.php?zone=anfzfndq19r8&nw=20&renderingType=javascript&namespace=2c878d31ee&subid=&uid=37bf87d1c0c21722&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Ddd86ca5188370aa2ae277d791c6f572d14606175_15%26mt_aid%3D5115181578721000456%26mt_id%3D10254021%26mt_adid%3D226589%26mt_sid%3D11095981%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_cid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2Fa75dac81-9466-4a3b-b545-f230b68983b3%2F%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ancestorOrigins=https%3A%2F%2Fthreatpost.com&random=6756889401911&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Server
88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.19.165.99.88.clients.your-server.de
Software
Apache /
Resource Hash
9333cbc41ddd28fb91de26042e944b4ef267714050b7a8fa766b53c94cfcd367

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:14 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
73840600174980904354386011906028
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
331
Expires
Tue, 22 Mar 2022 17:04:14 +0100

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:13 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=anfzfndq19r8&nw=20&renderingType=javascript&namespace=2c878d31ee&subid=&uid=37bf87d1c0c21722&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Ddd86ca5188370aa2ae277d791c6f572d14606175_15%26mt_aid%3D5115181578721000456%26mt_id%3D10254021%26mt_adid%3D226589%26mt_sid%3D11095981%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_cid%3D47d7623a-018d-4801-97fb-bf20fad58601%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv2%2Ft%2F0%2Fa75dac81-9466-4a3b-b545-f230b68983b3%2F%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ancestorOrigins=https%3A%2F%2Fthreatpost.com&random=6756889401911&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Tue, 22 Mar 2022 17:04:13 +0100
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 6EB0 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:13 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 44BD 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:13 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 35FE 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Tue, 22 Mar 2022 17:03:31 GMT
expires
Wed, 22 Mar 2023 17:03:31 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
42
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 4F2F 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c793ce272ba6b491d266abacf96563ca2f88c4eaf594ef71ea63285e3e0e8184
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NI55bOpIyBPiC3Dk8CoJZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Tue, 22 Mar 2022 17:04:13 GMT
date
Tue, 22 Mar 2022 17:04:13 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-NI55bOpIyBPiC3Dk8CoJZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031601&jk=4273038097581862&bg=!RkWlRQHNAAba2mK92to7ACkAdvg8WqRYP7_Jbi5D7vSjcpiDcYjM9jPoHTpVj2diE68iTQO-wWBtkQIAAAEAUgAAAAJoAQcKAChrZIaMbPLdhPeTwFfyCBalgWon4O3G0qBCIRqjzZgi_g7WZzkyaQ3lmQLTDCqfD8bL9ku9XoVRmcvO-G7H2jobU1BcppgeT-_CxG_S-4fTZqENxgTVxZPb-YbM6dtT8l6mpDR22pCKVrSubdpqxUO6NBMW8GYsom1v7pv07iwrM-4kg7cQUs4U8RFKDG4nhHXVKIDffSI4F82EEcuATkvAdzhnW_siFEAZEGF-SxuL5T4n4Kcpubq9uc3zxTWOK2qJ0UZQo89smv2aKAjPkxvxoQU6W1nv6qzJB5532MUuLWb_WcrYDugUhibZPyO2d-VLUpZOWypPzPOvNsrJN-hyptH6ztgkDmJM9DAiQSioA2u8pZknT-7Ap3Cm36kqek-zvuNPB39YBjYLB5tQXLLjkJ3R7KuhGkBSljXV41N7kzED6UvfYLxEc__RA6udJhrTObNrgo7sLF_sB5DKACgLyf--0oiRMEop8l1aJfLokUEICnRJgYhgE9lDhOUmFLc2kgn6dGv-9RrdwKFVZhTRfaRS1oCLp3Ebp17-_uYhdRgtr8DnNyBwVhQsYzL5rRHW7BKC0MCCv0A8_5uzjpbGJ8T7X6d7DIAq8ZjaCcbBOdilumbQSa2tOCvnNB_Rq_q-EDsmi8RCegf3C_05tByGGcIcd8DJLXceMUZu6AucKmBxtzW3PyBncFhsN6Ey2pRFuUS9WWU-fXgXKAUZjhbeXtbR9T7gji_aAgF6ZvePi3oP-rSc0T_SOI1iSBcJ6xrOm22tdZb4u5vWX_SgB0E2nZLjOf1QsYXVAiztv7kHpevEyGCUOBsavuCzO_63klHH7QWvMlLj2pCJJGYBagncGN73UKV1yO96aBpIGSQuESP6lVa04bVr9YYQ3ATcBA7D4MIwGIMbMR9H83dq7FRqENALhcZEx3j5g3GwXHHnmFZdjgHrtaF0_QYdZk76dt3csGI2GOkDYu2IF_M5IW_VPk-qEbzHVrWyjCFsDFsghw6iJMyHZAjwDHfHu8CK
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sv
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/sv?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1F18 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Tue, 22 Mar 2022 17:03:31 GMT
expires
Wed, 22 Mar 2023 17:03:31 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
43
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8359 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7407dd4307d1c72e6ea9270e475e28e7d625a34609372de2318210de300bc1f0
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-PgxeIDQRQOkwF9oBnNli3g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Tue, 22 Mar 2022 17:04:14 GMT
date
Tue, 22 Mar 2022 17:04:14 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-PgxeIDQRQOkwF9oBnNli3g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/pagead/ Frame 4F2F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220317&jk=2742303738312724&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
c9SOW3fm-cIOlp3tvRsibzkEuEO1MqMyQpfRRVluBWQ.js
pagead2.googlesyndication.com/bg/ Frame 35FE 		35 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/c9SOW3fm-cIOlp3tvRsibzkEuEO1MqMyQpfRRVluBWQ.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73d48e5b77e6f9c20e969dedbd1b226f3904b843b532a3324297d145596e0564
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:00:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
205
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13819
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 17:00:49 GMT
c9SOW3fm-cIOlp3tvRsibzkEuEO1MqMyQpfRRVluBWQ.js
pagead2.googlesyndication.com/bg/ Frame 1F18 		35 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/c9SOW3fm-cIOlp3tvRsibzkEuEO1MqMyQpfRRVluBWQ.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73d48e5b77e6f9c20e969dedbd1b226f3904b843b532a3324297d145596e0564
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:00:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
205
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13819
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 17:00:49 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8359 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220317&jk=2071900859394315&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
request_content.php
hal900028.redintelligence.net/ Frame 7808 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900028.redintelligence.net/request_content.php?s=73840600174980904354386011906028&a=aa5a9e21
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.19.165.99.88.clients.your-server.de
Software
Apache /
Resource Hash
b78fe2d1ef3f12d09d47c22e86e61fe48ec8103c1a4bb54b46f39c53f47d9845

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Date
Tue, 22 Mar 2022 17:04:14 GMT
Server
Apache
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 22 Mar 2022 17:04:14 +0100
Pragma
no-cache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1527
Connection
close
Content-Type
text/html; charset=utf-8
usync.html
eus.rubiconproject.com/ Frame CD6A 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=eu&co=de
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Mar 2022 17:04:14 GMT
Connection
keep-alive
Vary
Accept-Encoding
view
securepubads.g.doubleclick.net/pcs/ Frame 3EE0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstWoqikWVkEeODQak4xZEw-1d4KteR9MJKbhTwqQwWf3xcEpl6KQCt08hY4JmNqHqVd5hRdfHPQv0FKohH1vrIFbbhWbgCvCUW84riKGpaTKYylUEk87HS8QtVqcYNOn0lEdYP36Um0gD0FvlcWSPk0iyu74k89VM4bflkDqmT3ZQkdiyyDzRRq8ImQ3uTP0-CqQgK5toccNN6ofFzuFBFkebphTPenCEqEpOFJu5ox2F-gxN9en8M4V7vgihtC6L-Kvmn7HyWAFE3iBcDRDPtpc_YzH3pKLcuuB-SHq8hcuNUwZo-_ctTAcbjQUZrPxrFKN76yffui&sai=AMfl-YS0HrDLX5u--kIl7OgjY7nrkzoMiDjRJ_17jtdq5kV8jHSWSVecodpF0nBKZUU_jTymX1UkRwmqGaAXwOMFJIMxr2_BsiCmoMfyZhJfz-ufONaM9vBILqmjs3-aQPpA&sig=Cg0ArKJSzLWnXjo7R4PfEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 22 Mar 2022 17:04:14 GMT
truncated
/ Frame 3EE0 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
109d746955fb2197e3107d5f7adefa3b07f9ffe5e039ef7344e8d60f73e44b33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 6830 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:58:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
365
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 16:58:09 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6830 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:14 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 6830 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
227
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 17:00:27 GMT
l
www.google.com/ads/measurement/ Frame 6830 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSK6i6EMRddahrHa2Hgsk6YyA9btKaK7n0mDMcLfOoB8hYKoLZW600KPhZOaNC0M5_kpHxg_FJXpqIL7lS25B18KYKMPA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
adview
googleads.g.doubleclick.net/pagead/ Frame 6830 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Ct245jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoEkQJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXSZHw3wFS-IR521noJhCykFJ8NZ0EApYYz8wPG1XyiX9x3n1KHk6ABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTc1MDA1OTMyMzY3MDczMjUYAA&sigh=133f3v7EQnQ&uach_m=[UACH]&cid=CAQSPACNIrLMZY9Zlyj_ko8ob3EVks-KM1XsGHy_DL-N1fMJA60ooHwxBkTWJZMis6ji7GgU8xE5DqQ3YL12eRgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 17:04:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
winResponse
prod-rtb.ad4mat.net/ Frame 6830 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prod-rtb.ad4mat.net/winResponse?a=1j7bhcectdk713cypy9f149v44p4x12m1rdmmr6jany211hejpfrdkwqjmpqjbv2m47fvx79z6e6ht5z4txc2xcf9e6tnq1sq8nf237t7vp3s7e3x0wxf0fk7vy9aw56swqgfa4gy44dp51ymf848n1nqafxgmfhh20se8h8ex3zk2g9s1m26bbgb5nqcjyt0f7xxpy1f6h75ysxqe6cf8yw0j7psmw11k9ft177vts6vxhtcdc1wzf9pab13bp702c945387h4m71tk9rdq65hqmva8ff6ke07jpdg1c9qz5mfcyv1skwngvg2fbygjxhxpx8tmpwwpmb0j5sdehs51smjw0tqwxv13pdyvd9fys3w1d206g0zkhh223ap9xfz232as8crbc5h6f043veetfafj6&b=YjoBjQAOaPgKcbMRAAxTvxpwiaWkcz2vJKHDSQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
image/gif
dr
as.ad4m.at/ad/ Frame D6A0 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/dr?ed=1jhch34kkrnh671rz3mc0cwefh24xr29e2s9w8g01fybcsyq9hk36j03czx1azm669x3xayzcgqfmt3c5j3ttaqka6k8s6h975zbhbs7xkt090dkv0q0wxchtf1k1x8smeznj8cbm5188ce9g03x41pa6wbkmjwd1ej5nravxgz8wewqgjs95nte4k3pzmc2vxbp4f64pazn3192m4k2agp7r93snretw457wspwge4j1y8sy8qpzm4rw97b6kt8r3bay64nf1mzvyv0zvqc0eey9g9tvjkq275d6pdrvbxdrzwprckgy2mp3pfnk1battv98kx4nx9jbx8kb6y5c0esgbrgwbt6gnbqfzajjanj8qrjcx812cdg2gthxkjebdv92eqsx8pf8ynwy58re0c92j7a15cfzfsahep5njqrv681ypjjg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%26client%3Dca-pub-7500593236707325%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
186248360142bef9529bc39ba77ee731901f8205fd07b71130be0b6ecc57d5ea
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-type
text/html; charset=utf-8
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
referrer-policy
same-origin
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
surrogate-control
no-store
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
cross-origin-embedder-policy
unsafe-none
strict-transport-security
max-age=86400; includeSubDomains; preload
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
cross-origin-resource-policy
cross-origin
expires
0
x-content-type-options
nosniff
cross-origin-opener-policy
unsafe-none
x-download-options
noopen
x-xss-protection
1; mode=block
vary
accept-encoding
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6f0081593a7b9137-FRA
content-encoding
br
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame AF15 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Tue, 22 Mar 2022 13:26:12 GMT
expires
Wed, 23 Mar 2022 13:26:12 GMT
cache-control
public, max-age=86400
age
13082
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
track.adform.net/adfscript/ Frame 7808 		747 B
941 B 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=53432684;click=https%3A%2F%2Fhal900028.redintelligence.net%2Fc%2Fpcw1gnelwdw9crj%3Ftprde%3D
Requested by
Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=73840600174980904354386011906028&a=aa5a9e21
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
ff2748af686617f41cfcbeac491d5b816ab946d75a82f28a7da9a2f2525962f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
548
expires
-1
generate_204
tpc.googlesyndication.com/ Frame 35FE 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?84QSDQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
viewability
hal900028.redintelligence.net/ Frame 7808 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900028.redintelligence.net/viewability?s=73840600174980904354386011906028&a=dcc885f6&vb=m
Requested by
Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=73840600174980904354386011906028&a=aa5a9e21
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.19.165.99.88.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/request_content.php?s=73840600174980904354386011906028&a=aa5a9e21
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:14 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
dpixel
cms.quantserve.com/ Frame AF15 		35 B
362 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPWUMNLO1fWFhMIenVyQark&google_cver=1&google_push=AYg5qPIEWXyIMOTU5VaLEoLYfLImoCBPo5-9FrGJ32R0hsvvySFG0ac8mHd3xwGg_hFq3BMZB_bTXQHKYNen3iR-pH0k8o-CWA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame AF15
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL_s6oymH7uR-CuQEiJLdRC7d3c9RW3-2sr3Ej...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWpvQml3QUFBRTlYVXdQMA&google_push=AYg5qPL_s6oymH7uR-CuQEiJLdRC7d3c9RW3-2sr3EjWfcXG84X7G3tUZeMQiwJJDIJlgna5UpZE-QW3U8DEjYBd_La-sXsPQ5I
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWpvQml3QUFBRTlYVXdQMA&google_push=AYg5qPL_s6oymH7uR-CuQEiJLdRC7d3c9RW3-2sr3EjWfcXG84X7G3tUZeMQiwJJDIJlgna5UpZE-QW3U8DEjYBd_La-sXsPQ5I
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWpvQml3QUFBRTlYVXdQMA&google_push=AYg5qPL_s6oymH7uR-CuQEiJLdRC7d3c9RW3-2sr3EjWfcXG84X7G3tUZeMQiwJJDIJlgna5UpZE-QW3U8DEjYBd_La-sXsPQ5I
Date
Tue, 22 Mar 2022 17:04:14 GMT
Server
Apache
Connection
keep-alive
Content-Length
390
Content-Type
text/html; charset=iso-8859-1
pixel
cm.g.doubleclick.net/ Frame AF15
Redirect Chain
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJ4Rsx1Kelwpb0CH6bbEJcucJwkSPnq2SpGkN1Cd9LkR7x_bbKjHicWwZxFJHE_emb3mq2JIk7soikoYLdR4ySGEtf3hA&google_gid=CAESEK5z_MngaUxYdZxY05FaARg&googl...
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCI6D6JEGEgUI6AcQAEIASm5nb29nbGVfcHVzaD1BWWc1cVBKNFJzeDFLZWx3cGIwQ0g2YmJFSmN1Y0p3a1NQbnEyU3BHa04xQ2Q5TGtSN3hfYmJLakhpY1d3WnhGSkhFX2VtYjNtcTJKSWs3c29pa29ZTG...
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQlFTczE5V0dMdUZZUXJTQTlwTVViSzJDdlFMVF84c0hBM0tRWWp5aDZzWQ==&google_push
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQlFTczE5V0dMdUZZUXJTQTlwTVViSzJDdlFMVF84c0hBM0tRWWp5aDZzWQ==&google_push
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQlFTczE5V0dMdUZZUXJTQTlwTVViSzJDdlFMVF84c0hBM0tRWWp5aDZzWQ==&google_push
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
dds
rtb.openx.net/sync/ Frame AF15 		43 B
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEFrmmbymvRyo4L9YYQms9hs&google_cver=1&google_push=AYg5qPJfbzEQbo0soVTyrod0y_voz9CTZpBaleSxRjaNt9menHMnB6vPV6qUeW0AIlVvaI2tlhW9iT2SV3sD2Osao-mInI4Enw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:13 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
8s4k32tghtk46cm5hjvb1qnf6f374dbl
pixel
cm.g.doubleclick.net/ Frame AF15
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6Mqsl4HIShaBDongFgVKdQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6Mqsl4HIShaBDongFgVKdQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLGIdRcueM_qB4SQNUXlK8EYzQOtOVIKh8BF2Rh8pZPFHpQ8QzRksA7MtOYAbyhARwL4JBXHPgSw1HT9dhhWxxfGqU-bUQ
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6Mqsl4HIShaBDongFgVKdQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLGIdRcueM_qB4SQNUXlK8EYzQOtOVIKh8BF2Rh8pZPFHpQ8QzRksA7MtOYAbyhARwL4JBXHPgSw1HT9dhhWxxfGqU-bUQ
date
Tue, 22 Mar 2022 17:04:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame AF15
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF7coMKGXqAQyfob6I9liJ0&google_cver=1&google_push=AYg5qPJEMOD8kW9cpb7FWPLSSqVTl96haXSMs5FV0vwLqKPF7V-iBwKaSOlbJVuPlvC3YQ34eXU...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPJEMOD8kW9cpb7FWPLSSqVTl96haXSMs5FV0vwLqKPF7V-iBwKaSOlbJVuPlvC3YQ34eXUDiXwP4jQ4l-nEVp8sek43ZNE
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPJEMOD8kW9cpb7FWPLSSqVTl96haXSMs5FV0vwLqKPF7V-iBwKaSOlbJVuPlvC3YQ34eXUDiXwP4jQ4l-nEVp8sek43ZNE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPJEMOD8kW9cpb7FWPLSSqVTl96haXSMs5FV0vwLqKPF7V-iBwKaSOlbJVuPlvC3YQ34eXUDiXwP4jQ4l-nEVp8sek43ZNE
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
pixel
cm.g.doubleclick.net/ Frame AF15
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_push=AY...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2...
0
0
attr
cm.g.doubleclick.net/pixel/ Frame AF15 		0
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LE91tYJ8cQRCHK4-7UczxiPJyRScvKYF-tlXe6vIb0BQ655GBeU-JNw3OaHFj5IaE14XnZ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=7286959315&adk=2838937357&adf=776186307&pi=t.ma~as.7286959315&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653748&bpp=7&bdt=554&idt=140&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=1&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=1254594487&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=256&biw=1600&bih=1200&isw=300&ish=250&ifk=2439899007&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44759849%2C31065655&oid=2&pvsid=2071900859394315&pem=596&tmod=607578316&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.l7928iuzms5t&fsb=1&dtd=153
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
generate_204
tpc.googlesyndication.com/ Frame 1F18 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?53DNbQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
truncated
/ Frame 6830 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
798f030b71236e3e0558470a585a697e360328ed6000f3ec35574e4cc373b6a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
usync.js
eus.rubiconproject.com/ Frame CD6A 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=eu&co=de
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
85fae6da7be6b2a4299638f9a7de6d7df6e1746186532465ef1c228faaf9a0bb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=eu&co=de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:27:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=60305
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9540
Expires
Wed, 23 Mar 2022 09:49:19 GMT
default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame D6A0 		81 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jhch34kkrnh671rz3mc0cwefh24xr29e2s9w8g01fybcsyq9hk36j03czx1azm669x3xayzcgqfmt3c5j3ttaqka6k8s6h975zbhbs7xkt090dkv0q0wxchtf1k1x8smeznj8cbm5188ce9g03x41pa6wbkmjwd1ej5nravxgz8wewqgjs95nte4k3pzmc2vxbp4f64pazn3192m4k2agp7r93snretw457wspwge4j1y8sy8qpzm4rw97b6kt8r3bay64nf1mzvyv0zvqc0eey9g9tvjkq275d6pdrvbxdrzwprckgy2mp3pfnk1battv98kx4nx9jbx8kb6y5c0esgbrgwbt6gnbqfzajjanj8qrjcx812cdg2gthxkjebdv92eqsx8pf8ynwy58re0c92j7a15cfzfsahep5njqrv681ypjjg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/dr?ed=1jhch34kkrnh671rz3mc0cwefh24xr29e2s9w8g01fybcsyq9hk36j03czx1azm669x3xayzcgqfmt3c5j3ttaqka6k8s6h975zbhbs7xkt090dkv0q0wxchtf1k1x8smeznj8cbm5188ce9g03x41pa6wbkmjwd1ej5nravxgz8wewqgjs95nte4k3pzmc2vxbp4f64pazn3192m4k2agp7r93snretw457wspwge4j1y8sy8qpzm4rw97b6kt8r3bay64nf1mzvyv0zvqc0eey9g9tvjkq275d6pdrvbxdrzwprckgy2mp3pfnk1battv98kx4nx9jbx8kb6y5c0esgbrgwbt6gnbqfzajjanj8qrjcx812cdg2gthxkjebdv92eqsx8pf8ynwy58re0c92j7a15cfzfsahep5njqrv681ypjjg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%26client%3Dca-pub-7500593236707325%26adurl%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age
682393
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=83581
surrogate-control
no-store
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=86400; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
expires
0
last-modified
Mon, 14 Mar 2022 19:31:01 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options
noopen
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=3600, must-revalidate, proxy-revalidate
cf-ray
6f00815a3a6c68ec-FRA
cf-bgj
minify
r62eglto.js
ad4m.at/ Frame D6A0 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jhch34kkrnh671rz3mc0cwefh24xr29e2s9w8g01fybcsyq9hk36j03czx1azm669x3xayzcgqfmt3c5j3ttaqka6k8s6h975zbhbs7xkt090dkv0q0wxchtf1k1x8smeznj8cbm5188ce9g03x41pa6wbkmjwd1ej5nravxgz8wewqgjs95nte4k3pzmc2vxbp4f64pazn3192m4k2agp7r93snretw457wspwge4j1y8sy8qpzm4rw97b6kt8r3bay64nf1mzvyv0zvqc0eey9g9tvjkq275d6pdrvbxdrzwprckgy2mp3pfnk1battv98kx4nx9jbx8kb6y5c0esgbrgwbt6gnbqfzajjanj8qrjcx812cdg2gthxkjebdv92eqsx8pf8ynwy58re0c92j7a15cfzfsahep5njqrv681ypjjg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ddcdb425051dbc349b91079fe450031f1c28e182aa24974ddfa20a92b4facbd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=i40RNw==, md5=nlnmslSy2ZaL7/XdQ+Tixw==
date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5702
x-guploader-uploadid
ADPycdud40uO2Mf_WWaUQzp9I1nh9IXeGBItqXtMCs0VcfCRXQz1OChOrnOKdaxujHYAlenXrW_xURgYSHENuQAL-YN_EnuFLw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 15 Mar 2022 15:28:50 GMT
server
cloudflare
etag
W/"9e59e6b254b2d9968beff5dd43e4e2c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKpDyXOQxrRqdf5JrsGkxEBGAzEbxf1BtcZVDQW5MLtQe%2FKCTI%2BI6j0rr9zqV9%2FgfJcxnUHqv3jOP0wOvYADuNEdje%2F6v29yuWtPkVwSrRi3GdvyzyjVsUOjijNrRGWSTNR8ADM%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1647358130172556
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length
11881
cf-ray
6f00815a2bc89137-FRA
expires
Tue, 22 Mar 2022 15:29:12 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 7808 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=53432684;click=https%3A%2F%2Fhal900028.redintelligence.net%2Fc%2Fpcw1gnelwdw9crj%3Ftprde%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Wed, 23 Mar 2022 19:58:34 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame C709 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 16:58:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
365
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 16:58:09 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C709 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 17:04:14 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame C709 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
227
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 17:00:27 GMT
l
www.google.com/ads/measurement/ Frame C709 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQmeoJkhCaNlUpaaJLYrqw6ZAA1TCLKiEf5NGRE5QhGBTeqw6wc6i9_ufw6hacEl1Zxw_T1JdCTdsJEgqow2iwpQeEkYA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
adview
googleads.g.doubleclick.net/pagead/ Frame C709 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C3yPmjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkAJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu89ylSCxD5W8uTQGscTAc7PkjIPmSX7GevOTJ7IONY-Ue5X9fJJZoAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTc1MDA1OTMyMzY3MDczMjUYAA&sigh=cYSOeXXX2G0&uach_m=[UACH]&cid=CAQSPACNIrLMuc7H-872DmGCDr6hJfj85VUfM12RWdiMN-EQhfwj1F534JMb7lRQL0t1JVFB-leOMGUGq5nynBgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 17:04:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
notify
rtb.nl.eu.criteo.com/google/auction/ Frame C709 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=U6zDEufCMMoHWp2DYgICAAAA6R0Y4Slcr5_SA7eTt3r0AxCNATpi21ajHlcA6WkGoFkAEg&wp=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:12 GMT
server
Kestrel
server-processing-duration-in-ticks
207102
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame EEBC 		120 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
107f31a9de321ef2dd1d88de16784e0c1b7f9e7172673c1b7048491142028345
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-type
text/html
server
Kestrel
cache-control
private, max-age=0, no-cache
pragma
no-cache
expires
Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cross-origin-resource-policy
cross-origin
p3p
CP='CUR ADM OUR NOR STA NID'
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=4wblQBmSJUoYbQPbgj24rskHZhmeQiGzxl7cL-55f1geGC7pw_23XYWGs_OiWrjPoSdbXc5Qrn9wljDCwqx9QQkCvuwKbYXX0SKS0u0dkPs7waNDUt29oQepCxJ7SWClbw57vWfsAJVBhkD_DoLS2p4OZU5tfe2akrWnoVt0ZICnyRSFMrIaZDOQdqMrkRFG2awvouWUGxp5mzK8KVKj9mscYe8gAlhmG2pdg-JQKZjUi7AN_5gqQaXXjKviMSX8LGFaxA"}], "max_age": 86400}
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks
20583913
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 30B4 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Tue, 22 Mar 2022 13:26:12 GMT
expires
Wed, 23 Mar 2022 13:26:12 GMT
cache-control
public, max-age=86400
age
13082
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame D6A0 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4872936
x-guploader-uploadid
ADPycdvuqSd5z7x-P6zciDvJguhfevnTZzPv-sFvdv4VVTj2cCVUndir5fZqBzjNPOlq80uW-sAFhIkV33WDoT1aRSnwIseHrQ
x-goog-storage-class
STANDARD
x-goog-custom-time
1970-01-01T00:00:00Z
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3262
x-goog-meta-
last-modified
Wed, 09 Jun 2021 12:35:14 GMT
server
cloudflare
etag
"794c84d30e213ec6a144d64215f07551"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQAVBACAF46wZR7NXwLZX2mfu64YkeMZ%2B5eo8nt6xwY0KyB4bI2e7tFYjhrLSFSj%2FIDDskqLspwpUKN6WS5fno54atuEbvLw99XW%2Fggl%2BzRJ6OlqhF%2FMcUFoWnvdr2O7%2BCoilzS%2FlA8iVwgsgdNwF9vY"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1623242114099744
content-type
image/png
cache-control
public, max-age=31536000, immutable
x-goog-stored-content-length
3262
accept-ranges
bytes
cf-ray
6f00815b0da86957-FRA
expires
Wed, 25 Jan 2023 07:28:38 GMT
frame.html
ad4m.at/ Frame CAE1 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/frame.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-type
text/html; charset=utf-8
x-guploader-uploadid
ADPycdtpjC_BIP2JYJZvmIEVoowNNyTqNe6BE0JRdKJ1uhQ6k3Yfe6DPCN0GjBPS_zYil04QuBTjwG5dQACzvgbqPw78EHDYzg
x-goog-generation
1588777770164783
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1681
x-goog-meta-
x-goog-custom-time
1970-01-01T00:00:00Z
content-language
en
x-goog-hash
crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class
MULTI_REGIONAL
expires
Tue, 22 Mar 2022 18:04:14 GMT
cache-control
public, max-age=3600
age
2418299
last-modified
Wed, 06 May 2020 15:09:30 GMT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
HIT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGbvSWupJ688Y320c19L7AqSt%2FtChA2%2F7cXUols%2FDX5yUmSKqDyrWymQVAK%2BUya0yvQcvD8UPqK%2BHltUrsMkj1BaApD%2FEXJ42OeV1ZRdj0MoZtsDVn6uDf2fHynjHJdhz8byvEI%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6f00815adb7968ec-FRA
content-encoding
br
truncated
/ Frame C709 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0a76f8e1e50098918d8f52e400ae8d4b3ead04416b1e2d9d4931125f360ebbf4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
pixel
cm.g.doubleclick.net/ Frame 30B4
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPWUMNLO1fWFhMIenVyQark&google_cver=1&google_push=AYg5qPIe_nVWoq3t3QegtAJFNDKLdO1FEmcxkNdP5ncbZOOxzcRXU4W7Cn...
  • https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPIe_nVWoq3t3QegtAJFNDKLdO1FEmcxkNdP5ncbZOOxzcRXU4W7Cn7YYK8rhz_M1b9yIhazk-zHNrdcIfTmLOuRI6_LT5mJ&google_hm=b-5OYOw3mYKF...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPIe_nVWoq3t3QegtAJFNDKLdO1FEmcxkNdP5ncbZOOxzcRXU4W7Cn7YYK8rhz_M1b9yIhazk-zHNrdcIfTmLOuRI6_LT5mJ&google_hm=b-5OYOw3mYKFrhIQ_YoYhA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPIe_nVWoq3t3QegtAJFNDKLdO1FEmcxkNdP5ncbZOOxzcRXU4W7Cn7YYK8rhz_M1b9yIhazk-zHNrdcIfTmLOuRI6_LT5mJ&google_hm=b-5OYOw3mYKFrhIQ_YoYhA
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 30B4
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESEGz_hML0SIvBfx633Oiiz_4&google_cver=1&google_push=AYg5qPJtYFKqQo3qWKo5KS-IDxHF6XEuHlASJ1rxKXH2us5Zn79lpHtsbkMYKMbSN1fB6Y0bz8skPP3KnF-4vZ3y_WX_Aj15acvA
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJtYFKqQo3qWKo5KS-IDxHF6XEuHlASJ1rxKXH2us5Zn79lpHtsbkMYKMbSN1fB6Y0bz8skPP3KnF-4vZ3y_WX_Aj15acvA&google_hm=Q0FFU0VHel9oTUwwU0l2Q...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJtYFKqQo3qWKo5KS-IDxHF6XEuHlASJ1rxKXH2us5Zn79lpHtsbkMYKMbSN1fB6Y0bz8skPP3KnF-4vZ3y_WX_Aj15acvA&google_hm=Q0FFU0VHel9oTUwwU0l2QmZ4NjMzT2lpel80
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:14 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJtYFKqQo3qWKo5KS-IDxHF6XEuHlASJ1rxKXH2us5Zn79lpHtsbkMYKMbSN1fB6Y0bz8skPP3KnF-4vZ3y_WX_Aj15acvA&google_hm=Q0FFU0VHel9oTUwwU0l2QmZ4NjMzT2lpel80
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
466606.gif
id.rlcdn.com/ Frame 30B4 		42 B
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIJAdTvmjTaW_Kwz967_C7lWSv3QWs9L-d0rMLr9s3mW1KhMs1vDUye_JKTjrfFEb3DLjkaYZ7QtpmVK3bU0bTeDemjFBuO&google_gid=CAESEK5z_MngaUxYdZxY05FaARg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42
dds
rtb.openx.net/sync/ Frame 30B4 		43 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEFrmmbymvRyo4L9YYQms9hs&google_cver=1&google_push=AYg5qPKAPptsgxhE9An3ce8SYyyrO1Mg_3EnAoiq3lKcUeJhm6O5Ok0WA1DepWTYpRochOLlN78IaSPvbyuc3eEqo6v0jiAqk2Wy
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
qifnf8c0ksfnka7oi8p68384njn4geac
pixel
cm.g.doubleclick.net/ Frame 30B4
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=nlBiZzz0Qt6o1g-pHp9AkA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=nlBiZzz0Qt6o1g-pHp9AkA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKGwqlu7dZX5MM_8JrxvRbTUpoScGs786HU6Kdg2nNG8ToTGAOGyXusbrtkCWac3WJol6Bc-X0J8DxyfgTowsKv1BhusWQ
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=nlBiZzz0Qt6o1g-pHp9AkA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKGwqlu7dZX5MM_8JrxvRbTUpoScGs786HU6Kdg2nNG8ToTGAOGyXusbrtkCWac3WJol6Bc-X0J8DxyfgTowsKv1BhusWQ
date
Tue, 22 Mar 2022 17:04:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 30B4
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF7coMKGXqAQyfob6I9liJ0&google_cver=1&google_push=AYg5qPLKWzwjPLCMP9RYlZ7QaQFseCQJLaK7P_o8_KVCZqLDttV4gxrSPhFMPJSJH9uhmEFuiuR...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPLKWzwjPLCMP9RYlZ7QaQFseCQJLaK7P_o8_KVCZqLDttV4gxrSPhFMPJSJH9uhmEFuiuRFKAYiLVk2yY5IdlZjou90A_zB
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPLKWzwjPLCMP9RYlZ7QaQFseCQJLaK7P_o8_KVCZqLDttV4gxrSPhFMPJSJH9uhmEFuiuRFKAYiLVk2yY5IdlZjou90A_zB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&google_push=AYg5qPLKWzwjPLCMP9RYlZ7QaQFseCQJLaK7P_o8_KVCZqLDttV4gxrSPhFMPJSJH9uhmEFuiuRFKAYiLVk2yY5IdlZjou90A_zB
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
pixel
cm.g.doubleclick.net/ Frame 30B4
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h5...
0
0
attr
cm.g.doubleclick.net/pixel/ Frame 30B4 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J7FVDQIQ2OuJHGVJMzKK7RtMmAqALAh4YIhROje9Xnf7bXaVowCTHBoJL-fcnsndM-Epsm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=90&slotname=5620800026&adk=2236077833&adf=776186316&pi=t.ma~as.5620800026&w=970&psa=0&format=970x90&url=https%3A%2F%2Fthreatpost.com%2Fmicrosoft-exchange-exploited-cuba-ransomware%2F178665%2F%3Fes_id%3D3416c12156&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647968653645&bpp=4&bdt=526&idt=146&shv=r20220317&mjsv=m202203160101&ptt=9&saldr=aa&cookie=ID%3Dac77f1cb2d51f312-225019dc63cd000d%3AT%3D1647968652%3AS%3DALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ&correlator=5352491261781&frm=23&ife=4&pv=2&ga_vid=1089484159.1647968652&ga_sid=1647968654&ga_hid=218466325&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=8&biw=1600&bih=1200&isw=970&ish=90&ifk=1253437798&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31063246&oid=2&pvsid=2742303738312724&pem=596&tmod=1764735786&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ktrct0ddjbwi&fsb=1&dtd=190
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
privacy_small.svg
static.criteo.net/flash/icon/ Frame EEBC 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 17:04:14 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame EEBC 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 17:04:14 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame EEBC 		308 B
636 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Fri, 17 Mar 2023 17:04:14 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame EEBC 		507 B
835 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Fri, 17 Mar 2023 17:04:14 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame EEBC 		43 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=NQHFmVh2xsUvmVH_uSX0XMq6enLYfyOgcwW5dASBV0bHYDdBLCTCve0AsR3JeGsmhzGhMJ55aI-ddBVyl5b3cF5IJzvYYlJzZBvCrusZ4Z7AUYmMt-nVG5XlHoS82KJmZDBF-vSBmEW1V_rH3dq-TibwZcxkrsOWDxaDnCvXNt6vUmJRwsRdDxTdXpX5tqvj1Upjbb0YDa1K5BfWNrPRxpvwPTRu8IZ2koK6P4xiLsq_3Lnr0k6U05Y7cqZB-ItNRlHd0Hg3JiJMjtEk1TVUFVDONjHux4BSm6pKRQSpHKyVnmNno1gklavxqSjatykgDaMeobtnsCk-ZFlkEeWt_uvtvedBu5IbLyr3thVzNibPL1zSawnckFVAeofP-YeOXjnzskEps5MpQm86k8-xzbu4iHUwuJrIIsMIJSbieUnekNnBYHu1lktSD5PsDDnifIkZ_w
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3122942
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
animejs.js
static.criteo.net/animejs/ Frame EEBC 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 17:04:14 GMT
img
pix.eu.criteo.net/img/ Frame EEBC 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?m=0&partner=93301&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F93301%2F220308%2F8135cf59197a4aaeaf077ce3c95d7012_uranium_banners_1200_628px.jpg&v=3&s=HZbeXGaHiwgEBZbMhh2-H80A
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
5088414f9c14d5edb1807485a06097481409917ea4d1415edef8bdfbfbb3053d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29896151
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
74492
expires
Fri, 03 Mar 2023 17:33:26 GMT
img
pix.eu.criteo.net/img/ Frame EEBC 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?h=176&m=0&partner=93301&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F93301%2F220308%2Ffab7ecdb83454ac8bef590f953ff843d_an-logo-green.png&v=3&w=1936&s=z4LO4IC_zuRkjp_Uw7lNKr2R
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
9f92debf1f188193097eb6cac698f1f2365d0e74edc4a3b8dde44a0ef87ad925
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:13 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=29895817
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
16695
expires
Fri, 03 Mar 2023 17:27:52 GMT
all
csm.eu.criteo.net/ Frame EEBC 		0
128 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=4wblQBmSJUoYbQPbgj24rskHZhmeQiGzxl7cL-55f1geGC7pw_23XYWGs_OiWrjPoSdbXc5Qrn9wljDCwqx9QQkCvuwKbYXX0SKS0u0dkPs7waNDUt29oQepCxJ7SWClbw57vWfsAJVBhkD_DoLS2p4OZU5tfe2akrWnoVt0ZICnyRSFMrIaZDOQdqMrkRFG2awvouWUGxp5mzK8KVKj9mscYe8gAlhmG2pdg-JQKZjUi7AN_5gqQaXXjKviMSX8LGFaxA&sds=2&rev=80956&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 17:04:14 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EEBC 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 17:04:14 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame EEBC 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 17:04:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6830 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=bdt.554,req.153,bpp.7,fb.395,e2e.865,fs.165,reqs.166,ress.395,rese.396&srt=231&e=&id=csi_pagead&gqid=jQE6YvD6OJi51fAPj-mHgAg&qqid=CLjM4NGZ2vYCFRGzcQodv1MMPA&rt=lb.209,ol.470
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
track.adform.net/adfserve/ Frame 7808 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?CC=1&bn=53432684;click=https%3A%2F%2Fhal900028.redintelligence.net%2Fc%2Fpcw1gnelwdw9crj%3Ftprde%3D;js=1;adfxid=1x;8012;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fthreatpost.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
25aeecc916b32c01cf4d37c7de9b6f9438f5e6cb67b97c33c7893cbbc719880c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2050
expires
-1
rs
ad4m.at/ Frame D6A0 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/rs
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
803d45d072549f3f0282de85c64772dc5d85807cc7e9099595b6853b601195ae

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/json

Response headers

cf-ray
6f00815bfb5b9a23-FRA
date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLk6sZAk8g7cUZ%2FqiGh8lImt6%2FXM6aZXTyDO6gbEwp%2BQpEaN6V%2BbOQvtae6oPbctB8KymLzWll1DC9hPEypsUHmLnuqygOQ14bKX5S1qNY3KhBz5qjFKLg%2BUL6tRoyjVJgSxIz0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://as.ad4m.at
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials
true
content-encoding
br
x-backend-server
aa-reachservice-group-europe-west1-6p4n
rs
ad4m.at/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/rs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://as.ad4m.at
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-type
text/plain
content-length
24
access-control-allow-origin
https://as.ad4m.at
access-control-allow-credentials
true
access-control-max-age
1800
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers
content-type
allow
HEAD,POST,GET,OPTIONS
x-backend-server
aa-reachservice-group-europe-west1-6p4n
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FS3n2S%2BsY8TqO92JvW6Z%2FfazpnNynaAtt1jPVRXGU%2FDIOzsG%2FR34nlkb7KUmQznIpDYwfthIkGYMLoK5vT67GRFCqFpFBmWYXF4jbJrov9KDt2jY7WO1oYMsYMwC2EKgWS2cJvw%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6f00815bbacc9a23-FRA
tap.php
pixel.rubiconproject.com/ Frame CD6A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEKp-Qk_tZEv98P_muAoxG2A&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEKp-Qk_tZEv98P_muAoxG2A&google_cver=1
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEKp-Qk_tZEv98P_muAoxG2A&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
337
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
709414.gif
id.rlcdn.com/ Frame CD6A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif?gdpr=0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
ecm3
aax-eu.amazon-adsystem.com/s/ Frame CD6A
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=COJkjIbaQ4aiVgD_R8UJaQ&rk=usync-other&gdpr=0
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=COJkjIbaQ4aiVgD_R8UJaQ&gdpr=0
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=COJkjIbaQ4aiVgD_R8UJaQ&gdpr=0
Protocol
HTTP/1.1
Server
52.95.126.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:15 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QS9WB09X515N0RRDGQNM
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=COJkjIbaQ4aiVgD_R8UJaQ&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame CD6A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&gdpr=0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&gdpr=0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDEyRFpIUlUtTy03SlJW&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame CD6A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584&gdpr=0
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L12DZHRU-O-7JRV&gdpr=0
0
173 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L12DZHRU-O-7JRV&gdpr=0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 7C68D9A99B81451E992B3891B49EEE23 Ref B: FRAEDGE1110 Ref C: 2022-03-22T17:04:14Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa0ZpGMJZ/W8ZKbWipHA==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L12DZHRU-O-7JRV&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame CD6A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGYwODE0OTU2MTk0MjdhMzczNzNkYmQzYzI5NzcwNDJhY2U3MTlhNg&gdpr=0
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGYwODE0OTU2MTk0MjdhMzczNzNkYmQzYzI5NzcwNDJhY2U3MTlhNg&gdpr=0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGYwODE0OTU2MTk0MjdhMzczNzNkYmQzYzI5NzcwNDJhY2U3MTlhNg&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame CD6A
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=YI9Xqh5aRl-RSAGBjAOgBQ&rk=usync-na&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YI9Xqh5aRl-RSAGBjAOgBQ&gdpr=0
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YI9Xqh5aRl-RSAGBjAOgBQ&gdpr=0
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:15 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ZNYXK4Y359S9HTTW1KYR
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YI9Xqh5aRl-RSAGBjAOgBQ&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame CD6A 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
Requested by
Host: threatpost.com
URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
truncated
/ Frame 7808 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/gif
addDoubleBorder.js
cdn.contentspread.net/24i/tools/js/ Frame 7808 		851 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by
Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=73840600174980904354386011906028&a=aa5a9e21
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
85.114.131.234 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
srv21038.dus4.fastwebserver.de
Software
nginx /
Resource Hash
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:14 GMT
Last-Modified
Tue, 03 May 2016 20:54:50 GMT
Server
nginx
ETag
"5729101a-353"
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
851
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 7808 		90 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Wed, 23 Mar 2022 19:59:04 GMT
rar
as.ad4m.at/ad/ Frame 1BA4 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6633839a8fbf35935ae2364c63926d1978a4aca90130cba35cc0f9b9bbf5a7fb
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/dr?ed=1jhch34kkrnh671rz3mc0cwefh24xr29e2s9w8g01fybcsyq9hk36j03czx1azm669x3xayzcgqfmt3c5j3ttaqka6k8s6h975zbhbs7xkt090dkv0q0wxchtf1k1x8smeznj8cbm5188ce9g03x41pa6wbkmjwd1ej5nravxgz8wewqgjs95nte4k3pzmc2vxbp4f64pazn3192m4k2agp7r93snretw457wspwge4j1y8sy8qpzm4rw97b6kt8r3bay64nf1mzvyv0zvqc0eey9g9tvjkq275d6pdrvbxdrzwprckgy2mp3pfnk1battv98kx4nx9jbx8kb6y5c0esgbrgwbt6gnbqfzajjanj8qrjcx812cdg2gthxkjebdv92eqsx8pf8ynwy58re0c92j7a15cfzfsahep5njqrv681ypjjg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%26client%3Dca-pub-7500593236707325%26adurl%3D

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
content-type
text/html; charset=utf-8
x-download-options
noopen
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
pragma
no-cache
x-xss-protection
1; mode=block
strict-transport-security
max-age=86400; includeSubDomains; preload
referrer-policy
same-origin
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
unsafe-none
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
cross-origin-embedder-policy
unsafe-none
surrogate-control
no-store
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
vary
accept-encoding
expires
0
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6f00815c7ee068ec-FRA
content-encoding
br
default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 1BA4 		81 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:14 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age
682393
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=83581
surrogate-control
no-store
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=86400; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
expires
0
last-modified
Mon, 14 Mar 2022 19:31:01 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options
noopen
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=3600, must-revalidate, proxy-revalidate
cf-ray
6f00815d183d68ec-FRA
cf-bgj
minify
D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 1BA4 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
65461
cf-polished
origFmt=png, origSize=115129
x-guploader-uploadid
ADPycdtRM1_9jMJhXg-Mt_e670bA-WcGaQweP5ZOysds8vdkiBITvTSVJBnH7fMIl6jk0j9Bue0zWyiqjnuPDN5XBqb8P1POtw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
54564
last-modified
Tue, 09 Feb 2021 15:11:24 GMT
server
cloudflare
etag
"0a277d59efca0369a6983645e273659e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0u4nYO3FUKNg6verr9%2BpOqX7UqJ5Ymi7KSzn5Qdw5JW%2BtJqVT89JbBely8FFwlQpmCsaZaJACk1j2BKWiL0%2F8mdkp9NYOt%2BmYl1qHFTmE9nfg45dT4YybgCW5618SNByElgRj%2F6%2B3H%2BI9vz"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1612883484779402
content-type
image/webp
expires
Wed, 23 Mar 2022 17:04:14 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
115129
accept-ranges
bytes
cf-ray
6f00815d48529137-FRA
cf-bgj
imgq:85,h2pri
1D53E9CF3821E81F5644C8C6FD10FC3C1E53F2F21748B14D50333BD8E08058E50BE70BEE9D071C4FD38992D3B57467DAA70308BF0B8E9E5A740263D0F5C9EE6D
assets.ad4m.at/product_image/ Frame 1BA4 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/1D53E9CF3821E81F5644C8C6FD10FC3C1E53F2F21748B14D50333BD8E08058E50BE70BEE9D071C4FD38992D3B57467DAA70308BF0B8E9E5A740263D0F5C9EE6D
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea39dba2b498dfe4e18255e241acf246f9229c8deb54e5b2530cadb51a25bd58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=dV1e1g==, md5=OdUvFkjawxXrzJxPpO1XKA==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
63607
cf-polished
qual=85, origFmt=jpeg, origSize=60655
x-guploader-uploadid
ADPycdsLC_336vGw4WCvNf-AR1xFXz6OmPMsjDfFv7I9RwKwczJ8jsTt37JQljdVS8EX4SHLouJjlMtfxYcIP6wHiEo
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
21982
last-modified
Fri, 11 Dec 2020 13:58:13 GMT
server
cloudflare
etag
"39d52f1648dac315ebcc9c4fa4ed5728"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rGh1mvWuBsOZX5bKtkcVVFCy8JfObP3U3AfgFqiTqQut8PWn3ug6tQIMgmAyxSrAxGBSAyFvVRvbaWpbuzouzDm9E1k%2FysllcU189C%2B7xyow45k8jApVbAAPh5nEWeFkpF9SALeSccycxkh"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1607695093714344
content-type
image/webp
expires
Wed, 23 Mar 2022 17:04:14 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
60655
accept-ranges
bytes
cf-ray
6f00815d48559137-FRA
cf-bgj
imgq:85,h2pri
/
partner.o2online.de/a/ Frame 1BA4
Redirect Chain
  • https://www.telefonica-partner.de/tpv.php?t=117679V1226132702M&subid=oneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_...
  • https://www.lead-alliance.net/tpv.php?t=117679V1226132702M&subid=oneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_cons...
  • https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117679&s_id=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjM...
49 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117679&s_id=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&spid=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&wfid=117679
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
HTTP/1.1
Server
78.46.85.162 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
nonstopads1.sunbonet.de
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:15 GMT
X-NODEIP
78.46.85.162
Server
nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy
https://www.nonstoppartner.net/
P3P
policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=10
Content-Length
49

Redirect headers

location
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117679&s_id=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&spid=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&wfid=117679
date
Tue, 22 Mar 2022 17:04:15 GMT
x-content-type-options
nosniff
server
nginx
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame 1BA4 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
62017
cf-polished
origFmt=png, origSize=24833
x-guploader-uploadid
ADPycduEPPHedAIe0AgPHQxXyd0148iEPNC-lfGGuGL_voQQgi27-1p15Ya5iLoyVQNfQE9IgtVpYPe-jFoFFtTYMKo
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9258
last-modified
Tue, 09 Feb 2021 15:11:57 GMT
server
cloudflare
etag
"174bb0dc35647e204b09aa120965604a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M9pBrQZvseK4Jgwt15zolS9lNixgDXQOMoDgvUOWVuCjuF%2FNFmh01rwrMqd6%2FH6OANBczu9Dx%2BvE4d%2B3wD1MaPsOj7Lsh2D1qxDa5SBH5UAzm5JFb68J9r5uSphb1GomdGob6cVMFxZZQZ4K"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1612883517528266
content-type
image/webp
expires
Wed, 23 Mar 2022 17:04:14 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
24833
accept-ranges
bytes
cf-ray
6f00815d48569137-FRA
cf-bgj
imgq:85,h2pri
109EE3CB1BE1B04C85A5224FE47F7D1E6FD7C4CC910F5788D57230F6604B337EE8DFD5BDB0744F893DBC4BBF672B71FDD0A7B81C19E57D2AE8FA59F3BBFD7681
assets.ad4m.at/product_image/ Frame 1BA4 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/109EE3CB1BE1B04C85A5224FE47F7D1E6FD7C4CC910F5788D57230F6604B337EE8DFD5BDB0744F893DBC4BBF672B71FDD0A7B81C19E57D2AE8FA59F3BBFD7681
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb4369fd4035cfcdb0909dfe5bd140d66231b1f4c6fab17c2b802a4edbf54449

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=HwscaQ==, md5=QEKMkuOfQyYKQIg2TmID3Q==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
65445
cf-polished
qual=85, origFmt=jpeg, origSize=109711
x-guploader-uploadid
ADPycds5BN9rvwH78JHZOFL6EeqA3OYWSIsTTRuD9lb-5sk1imA0P0yl9j84pIFi9gc5NzswKizaHJOVigyHiRUWehc
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
20822
last-modified
Thu, 21 Oct 2021 08:32:12 GMT
server
cloudflare
etag
"40428c92e39f43260a4088364e6203dd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aTZKPSyamovuWw9kl1TRUMgFR4zz2asUYbjsh%2FxXxjPLp7%2BLz5Gu%2BuKSunNDirtanL5RXASSjF7fkyaoTI1xfMIVI1G4acgJKUoBpI3%2BuUkNdW49QZK%2Bk8jAcGehXlJ5e2%2BgaITOi7350KQD"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1634805132458381
content-type
image/webp
expires
Wed, 23 Mar 2022 17:04:14 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
109711
accept-ranges
bytes
cf-ray
6f00815d48589137-FRA
cf-bgj
imgq:85,h2pri
/
partner.blau.de/a/ Frame 1BA4
Redirect Chain
  • https://www.telefonica-partner.de/tpv.php?t=117663V1225131106M&subid=oneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr...
  • https://www.lead-alliance.net/tpv.php?t=117663V1225131106M&subid=oneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_con...
  • https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117663&s_id=2022032218041566049676111X117663V1225131106MSoneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMu...
49 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117663&s_id=2022032218041566049676111X117663V1225131106MSoneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
HTTP/1.1
Server
46.4.41.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
nonstopads2.sunbonet.de
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:15 GMT
X-NODEIP
46.4.41.145
Server
nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy
https://www.nonstoppartner.net/
P3P
policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=10
Content-Length
49

Redirect headers

location
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=117663&s_id=2022032218041566049676111X117663V1225131106MSoneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth
date
Tue, 22 Mar 2022 17:04:15 GMT
x-content-type-options
nosniff
server
nginx
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
C46E36494CD11571AD6096436563A935A4EF86E9E013CC4B9F0AD882C02907C50D011AD030C69BCB573604CFA07F783CB4ADC16C72A9B72EB614A2172586C052
assets.ad4m.at/logo/ Frame 1BA4 		39 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/C46E36494CD11571AD6096436563A935A4EF86E9E013CC4B9F0AD882C02907C50D011AD030C69BCB573604CFA07F783CB4ADC16C72A9B72EB614A2172586C052
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dded8f8315bfa1c937330c6d23a5883248d37e189635b093e93e096e594ad5d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=E3pl4w==, md5=aKDSgUdJtYIMnFy3kSz8CQ==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
64594
cf-polished
origFmt=png, origSize=59160
x-guploader-uploadid
ADPycdv1slhhCv_umfzL_EFDeJJN-29GGDuz7fk3xnNTkkFkrcC1C302K4SzSJaBsBJDDEIri19R5F-K6JKjWqqGCGBDJo2_aA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
39746
last-modified
Wed, 12 Feb 2020 10:33:43 GMT
server
cloudflare
etag
"68a0d2814749b5820c9c5cb7912cfc09"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NnLyn4LdczQXfM8zB6qy3wBf8BMfz3mXSyj0oJf74kUL1mEFGDsGZRImo6VMMSR3srT5X8skiXwkITJXKVX5VPWu2b6BqaT7fztPoZ7EN3xGn5BVwlqK0FD81x7RZdxN2dqtFNnyc2PMzJX5"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1581503623525394
content-type
image/webp
expires
Wed, 23 Mar 2022 17:04:14 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
59160
accept-ranges
bytes
cf-ray
6f00815d485b9137-FRA
cf-bgj
imgq:85,h2pri
3A1416EE928727CAA262D55B41C53B838E063DB8190E91AD28C25ED5A196521B7E995F4FF8A87D4E3E3AE2959912A928F43AB1C2988064014D978C88D75E9BD5
assets.ad4m.at/product_image/ Frame 1BA4 		381 KB
382 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/3A1416EE928727CAA262D55B41C53B838E063DB8190E91AD28C25ED5A196521B7E995F4FF8A87D4E3E3AE2959912A928F43AB1C2988064014D978C88D75E9BD5
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9003fef55e3576f4a0a0238398fe166e7ee41975e55dd3ba079066eea0fb291d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-goog-hash
crc32c=7K8YCA==, md5=h7XbqynNpVDqQyWo3WfcwA==
date
Tue, 22 Mar 2022 17:04:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
63191
cf-polished
origFmt=png, origSize=609525
x-guploader-uploadid
ADPycdsdbMrMVV-1SoXMEk6tSjK2nbI8g8MFxdKi7BSdakbe57bxMD1fWji72ZkaLfWNi344FS33CJK7mBIxzMMgjvU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
390038
last-modified
Wed, 23 Feb 2022 15:34:53 GMT
server
cloudflare
etag
"87b5dbab29cda550ea4325a8dd67dcc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hMZJAnwAPT1XrzfHyA179cT3E9VxUEG8F92FqhJFJX%2FuWP8TPRzvCKBlFmTWZSRG%2F3oSrbvGsWM6DZ3FM3lPCyWsavIR2ddcMQQQBUMz40AH4uLu33eLWOGEaHWWOFUB5tjMKpHmwREyxPjU"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1645630493382906
content-type
image/webp
expires
Wed, 23 Mar 2022 17:04:14 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
609525
accept-ranges
bytes
cf-ray
6f00815d485a9137-FRA
cf-bgj
imgq:85,h2pri
cshow.php
www.awin1.com/ Frame 1BA4 		43 B
704 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.awin1.com/cshow.php?s=2480620&v=14363&q=359541&r=412871&pv=1&pref3=oneidY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Troneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd={{IAB_CONSENT_PD}
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=19458%2C161594%2C182000&b=PJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCp%2CpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UE%2CY2jcrfG3f5BXkfVH9HetQtReGtAT1TK1Tr&f=bwqTQfYZsxgPFYHbHzt8Cww8UxTJTJPSJ%2CJAYFzfk5t69XPTBH6H7tqCppVfXTgTrVSX%2CqGXsmf1WUJ5zAhZHgHDtRCXwgFPTgTq4s3&c=300&d=250&e=NhbHSjMuvY9e0Im09RbVsen17FyuU8yf&g=3616e875ad3bedb0bc34d78c52c48bce%2F267829142890532070&i=20774%2C20773%2C20703&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1647968654739&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j6ka1bqbna4c05gnz9339w1ahgpt0dhp2c0dyhe8258qkqmz63s8jgjp6mpnhjrmc3qgmrh99se1rjd3v24kebhwk7qd52gwjtpmh8ap1016bn2zkn7qw9yee19d4mbxkt19rmyw81c77pezgm89f4v1yy7ax99wvkrfvfw41n5whpt67ew7vgnsr7mkrenyka4jyenhxc9v9j5x0ggtwmbqp7x2qc4xeba07kbz94ht0d1gmhr46f0f1q68e20mxtewpath9vyv7ehcs20%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCjk71jQE6YvjROZHmxgO_p7HgA5DhgYRctqjCivACwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAcKu6N0DyAEJqQL31ZcPv3yyPqgDAaoElAJP0GI2VP4rfUMU7ywXi59Xq3tydjde3LVVdCWAHjntB9iprKCmFIbBqjf4tdTEr9ENTwv5vOM9uCNwgIRclJs_2O0I-HdycHUvsfwkKBWABUnJGbLoBRCmuu7t-UVoesvOsAfeYHhM46x9liKtbVHA1XHIm4j4HQr1omECjhpZfubBia7W-xdgoEtJDyh1yMaQXjIFyqXJ_Tnb6pxp8E2s73lxkcn0NHv0theoW_6mKnX9HnA87C84os75_yIF92rI2dUl3-hwXY4fi5U2FzE10FOlu5Iv-kRDfU_4Yq7jNBgfUV34kf1d8_AXC5PRTdarf8SxXBF-_FkgYmtoPzAOLI7FTw5Gia1ml1NpC6HVXoZbocOABry2mfOd_o_LMaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_2C8EvCB_qxAFxA4MtUPO62dnFFuQ%252526client%25253Dca-pub-7500593236707325%252526adurl%25253D&y=1&z=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-239-217.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:14 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 6EB0 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDM1rRivmX3kvYUciLGIOq6ae940G1ADWf_U1DPeAhnJduyW1FYkSzeQwhPFseIOEwoLuLDiWZLfrh9RQFUGdNK42e08IwWc6Ol5wZVtWXHYTYYZDc&sig=Cg0ArKJSzEsq0srPjUqjEAE&id=lidar2&mcvt=1024&p=8,315,98,1285&mtos=1024,1024,1024,1024,1024&tos=1024,0,0,0,0&v=20220321&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=4166723991&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1647968653119&rpt=689&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 44BD 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDnm0vzp7cs8zs8YzR4Nf3Rpa1EsjdbX9aG_Leb9dRVnrZUXpWXZyUfWgokTJ6hcXsXmueDrT0CMX5mTt_H1-C_8bbRCAPuZ5ykEdQ_7Wx3DAznnte&sig=Cg0ArKJSzFWzLTeKuTCjEAE&id=lidar2&mcvt=1010&p=256,1082,506,1382&mtos=1010,1010,1010,1010,1010&tos=1010,0,0,0,0&v=20220321&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1414505084&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1647968653195&rpt=697&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 6EB0 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220317&jk=2742303738312724&bg=!GhmlGV3NAAba2mK92to7ACkAdvg8WvoH0JdtVDxuBYetmJbxEQ1dU-30ZsG18ZzlEqPiNjBafr58UAIAAAE6UgAAAAJoAQeZAu7RmYlSDCnJZ7Rw1ID3gaMsdK0LN1gWy72grI61tGK_mUmSJg9b_T-2v_2uk8g6nzPjdtOkYerXNaeN5BpZliUWKVFOckOO0SOoYbfVAIfvo2PNr4TmF2ouCYQHR8QlOOS3qv56ajjOsamzEk04Gi4ImQ1Tj6IPk-9jueajBd92xHpZy8u8Snd8zvY43UEaMSBycLiV2FclZtV8ruNOHFxaRRTeBPLIblBzCY09KMqH89tdK2sSKq3FF8-3e9TLwxBJzPL0iwp4SzePorjs_27jrCg00UufCkthHcbzGPMX-YgAT3GOVCgvExQuYUCwhZniY3HfC6bxPT6AmnMS-ecx1IYSzYuSsUXBIJ-DIev2YA94CQXgcwJFUsjZh1xaOSrjjnX_0-1Zj9x1Njmp4oYkD6FXxOELy_g_lPivaQi8N6zJot9ZmXkDyMdnTxWHE_rsWx5BMJ04e5oJ6bIeGdPl9LCsfZmVp6reYuiQomJvXhR0xUcZy3tVRe-veN30WDEsjrWNZjYK8ef6ctgkmrSzlUfiPEwX1TOHlOcdw00jQH7XBPMlkeEksL6pJ2BT3cvfw0YG8ivMtxhYI3eluqAD_XQ2sYyQ8Zzq2sPPMPnOgcG3t7ntmv_5FngigHAFv8htcvEeqlJhEqv4yKOFN3yMQF6zpStUNFUbVD8Dj47wNUEgbgpmTpe-k1OwJzbWPlyf0D_XuJty6MnuTxNGD-zbbi1vcJR5nTuWp1pvW7kxuHxB932lcq6CYEOSVWu3F0mxThfOwlZlS8xL8j-JQZWrBDOlIhIDZkvTxtNiadGZRFR0GLAWpx5tJyDQYXdMMS3H2SSFl_yxttxAEzQ51i-E67EsWBXRtC3Buw4jV5lrfkA8Q_NLdGRHcj8xBz-5DixV8yfvm7ckL-WOip7uR8F_EdpF-SOspnXgMR7GNfP3ZaRDCPneiV7iTgBdxeBvPjBtAydHXdsVPe5XniAZTJj9ZPz42d_FRQst0DF68mY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 44BD 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220317&jk=2071900859394315&bg=!w8ClwITNAAba2mK92to7ACkAdvg8WhlTOOgvC8jOSsVonOgiCz_YrBnVAX0IKjcNqwwYzs7sqxZGjQIAAAFZUgAAAAJoAQeZAtzQStAsQ0uvtjXkolIVii8nrd_KU4mJ7Zg8c2Rt1lw8w24Xtt6oATb4gly9pfGWsnN6O54S6r3wm9D4fch_xIBbC8BO4ZZGiss2b050Bvova_75DiXSRNcjN5O8vH6zPainB9Gw3tE7mjisK60HnHvVGBAxJviCH5n1E1ouObA7tr78JjuTKi5h7jNHHyaRUy7WF5P_w7IPHSgG1Qc9Wjb3e1ODRHyXoe6ZwNlV52FDvei1-jLSW_Gvys17Q-TAjjDj2R0h7NmND8pus1jSTZVpOczVejei1t82WNutfLvV0dZTK1mXt93eCtNHQtAdCxUo93seCVJpTfWFUV1SFGPxGh4ctFZxNE-m_HNwExV-NDJnxZCgBSwsyEV8ozZ15x2XOpnCGtvXobBZCN3fnLVfXBY4ZFtXTuNSoKoHa6q6VTfRqPZzRS78W2vp30ZWH5n6tUig4xT5aWwcgalY20EvPUD3tCfyE3hZkOg0XHHAR8SILJhhJ2AcNimiSkN9ODrfjmoUfgePZRwJuyq0etHCIvYEJ-P-nA4CVC9nRWVnTfN9aWaVNbCPEKsJIpWGHXrrj1ZWFLttmSrEOQJnvcWi2ydeF5HohS_4uHedzhh1AI-hLOViDslx2v4zZEbrKWv2xcr3gAmmpDxLl70VlA7bsB1KhbZvZLPzKKADKymIlTSXn6VJMfSLzcyW9_QGodDHVzSKYZ-HYNKOtBdwDl6BHEJ6b_IZBkPV-VjCMrAt39b2HLvPtYHwX4IDuvmY06V1bdZnoM5qJTztk9tVNicgr6QgbawiaMtO869G7IXKvTN_qDX1vwJ62Ymjbw8FxnHueSmGSu00DxX8XdBi8IMr4IPNGXgmMqZmIIuFvib8DGR8CnFyskXPIc9TnebGjx-st8qAqw-sNc0lD_5dauLDnMdQx8TBDQY08ZqhGdLOt6XuQrFbIxVAMaVqxmyjIHQZtJ2logUwkJ8Ejm0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
/
track.adform.net/csimpr/ Frame 7808 		35 B
478 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=53432684&csi=X32-YmNqyqq1vTyDtDoUrv-Cl3p3rYjhMvhLgDu405DrygPkIxxfk1hbHbuj5QkVClH9yhj9l6t3ryBSFtYDYN6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900028.redintelligence.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900028.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
10934888.js
s1.adform.net/Banners/Elements/Files/169192/10934888/ Frame 3E0F 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/10934888.js?ADFassetID=10934888&bv=514
Requested by
Host: t.co
URL: https://t.co/i7rzaa85jI
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
231e1618b08aae5d9d5b3f092f085e33febe7384f7af9045be5b2249537a8998
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 10:45:33 GMT
server
nginx
etag
W/"621761cd-1acb"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame 3E0F 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 12:35:29 GMT
server
nginx
etag
W/"609e6e91-76d9"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
logo1_linie.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/logo1_linie.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
50604a203baaf1edd1b3d350c630499075965d87e6d6887728bab43b100b3713
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:32 GMT
server
nginx
etag
"621761cc-668"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
1640
logo1.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/logo1.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1b4a069b868106f39da94ddf6d6d2c8304b0110a70b97e5c747d30d43038b3ca
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:35 GMT
server
nginx
etag
"621761cf-f40"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
3904
bg.jpg
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/bg.jpg
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f45fd1efa6863170bf04a86322ec937b1f3f5fe9ee13e8f0610fe815eb620493
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:33 GMT
server
nginx
etag
"621761cd-5dd1"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
24017
seite.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/seite.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b4a961e9038c9208b716f476adaf003aa3e343a54a86e1ff28a6af4daec5dbbd
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:33 GMT
server
nginx
etag
"621761cd-663"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
1635
motiv.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/motiv.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
730b744969336011e2a5861625a0a99d5a584aa7bd0752cacf3b2ae9ceae904d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:35 GMT
server
nginx
etag
"621761cf-9d43"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
40259
txt1.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/txt1.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
78fb80c489d30f33e123785f2850d346a207eb2794e2fdd7e2b003cf362d2c18
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:35 GMT
server
nginx
etag
"621761cf-10af"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
4271
sto.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/sto.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9fe6d16f4ad0b4d0a03a097114529029f15236e1997b9d076bd023ed3e2109a0
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:33 GMT
server
nginx
etag
"621761cd-2c31"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
11313
legal.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/legal.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f966536fe730c95248acf14d5d804c423899cff991176a5c7b7e2d6df810878d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:33 GMT
server
nginx
etag
"621761cd-ecb"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
3787
logo2.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/logo2.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
daeda32073fc7e2215fc40f3e14a49f734714cc5fdaf60e1e05c55012911b442
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:32 GMT
server
nginx
etag
"621761cc-c0f"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
3087
txt2.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/txt2.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3fedf49c8893615a7660b7c258f8dcb34e730c1b63e251d3c97b30bac9367fb7
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:33 GMT
server
nginx
etag
"621761cd-8b8"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
2232
cta.png
s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/ Frame 3E0F 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/169192/10934888/bvpath_514/images/cta.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f29b415b03edf0f023a6aec953bd860f0b4cd6621cff589e8e26ead15ea4c11b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://hal900028.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Thu, 24 Feb 2022 10:45:32 GMT
server
nginx
etag
"621761cc-15e2"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5602
activeview
pagead2.googlesyndication.com/pcs/ Frame 6830 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1VGKwK0fYwinJakkYhqwAhTiW95o8mfhcPsTKei2puS4sfUvky-Ar97mhPMttee6x3NXRVYUtQqmZtWOK2Pba_w&sig=Cg0ArKJSzOwOfWmo4A9UEAE&cid=CAASF-RozmM0etTX8wrmyEE_WgN3rsAIHecL&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220321&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2838937357&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1647968653912&rpt=361&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://threatpost.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
https://threatpost.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1374
date
Tue, 22 Mar 2022 17:04:14 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 2218
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=0bfZzXxOQ2Z3ZUZ2ZVZTa3ArekdrN3gyWEdhazcvWE5UK0xHMnNzazRyT0dNNE10WGo1eHRQaFJWYlg2aUlqZm92WGRnMGlBSmxsUnFkTnk5SXNib090WmsxNFB0YlUwQUN0VlZ1VmJRRTV0N2hiTmE4M2svWUxDVkd5S2...
347 B
617 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=0bfZzXxOQ2Z3ZUZ2ZVZTa3ArekdrN3gyWEdhazcvWE5UK0xHMnNzazRyT0dNNE10WGo1eHRQaFJWYlg2aUlqZm92WGRnMGlBSmxsUnFkTnk5SXNib090WmsxNFB0YlUwQUN0VlZ1VmJRRTV0N2hiTmE4M2svWUxDVkd5S2FwTkRHeDNDOVJNRllhSUVIUWpqdXF1RlRTY0gvMnpaa1lmalZvUXA5Uk5iRVBjbUtLQVYyYllIMzFUMExiRVRrazZBREtpTVNxZ01mVTlOVDhyNDNRWS82UElNTHluZXUyNWZWNEdXS2lkRTVUY0RNNHhJPXw&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
03d9ae825dfa61ceff2101d4833b51d5ac5945416608781bbf77611f52808593
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3561
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:14 GMT
location
https://mug.criteo.com/sid?cpp=0bfZzXxOQ2Z3ZUZ2ZVZTa3ArekdrN3gyWEdhazcvWE5UK0xHMnNzazRyT0dNNE10WGo1eHRQaFJWYlg2aUlqZm92WGRnMGlBSmxsUnFkTnk5SXNib090WmsxNFB0YlUwQUN0VlZ1VmJRRTV0N2hiTmE4M2svWUxDVkd5S2FwTkRHeDNDOVJNRllhSUVIUWpqdXF1RlRTY0gvMnpaa1lmalZvUXA5Uk5iRVBjbUtLQVYyYllIMzFUMExiRVRrazZBREtpTVNxZ01mVTlOVDhyNDNRWS82UElNTHluZXUyNWZWNEdXS2lkRTVUY0RNNHhJPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1657
content-length
482
expires
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 88C1 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-214.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=101334
expires
Wed, 23 Mar 2022 21:13:09 GMT
date
Tue, 22 Mar 2022 17:04:15 GMT
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7014 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-214.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=101334
expires
Wed, 23 Mar 2022 21:13:09 GMT
date
Tue, 22 Mar 2022 17:04:15 GMT
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 9492 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Tue, 22 Mar 2022 17:04:15 GMT
Content-Length
1388
Connection
keep-alive
async_usersync.html
acdn.adnxs.com/dmp/ Frame 7D2A 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.200 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-200.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.13.10
Content-Type
text/html
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Wed, 23 Mar 2022 17:04:17 GMT
Date
Tue, 22 Mar 2022 17:04:15 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 9094 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.200 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-200.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.13.10
Content-Type
text/html
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Wed, 23 Mar 2022 17:04:17 GMT
Date
Tue, 22 Mar 2022 17:04:15 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame EA1E 		668 B
733 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
b0a82a5c72e1f243bd8bb09c65dc39341378c5baf5b3d8b7371ff58cdfaff319

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Tue, 22 Mar 2022 17:04:15 GMT
content-type
text/html
content-length
422
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ixmatch.html
js-sec.indexww.com/um/ Frame F1CB 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Tue, 22 Mar 2022 17:04:15 GMT
Content-Length
1388
Connection
keep-alive
pd
u.openx.net/w/1.0/ Frame 7B39 		668 B
722 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
b0a82a5c72e1f243bd8bb09c65dc39341378c5baf5b3d8b7371ff58cdfaff319

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Tue, 22 Mar 2022 17:04:15 GMT
content-type
text/html
content-length
422
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sync
ups.analytics.yahoo.com/ups/55953/ Frame 2218
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&_origin=1&gdpr=1&gdpr_consent=
0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&_origin=1&gdpr=1&gdpr_consent=
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&_origin=1&gdpr=1&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
sync
ups.analytics.yahoo.com/ups/55986/ Frame 2218
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
  • https://pixel.advertising.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2&verify=true
0
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2&verify=true
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjoBiwAAAE9XUwP0&_origin=0&gdpr=0&gdpr_consent=&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2&verify=true
date
Tue, 22 Mar 2022 17:04:15 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/57304/ Frame 2218
Redirect Chain
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2&verify=true
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVAxYWEyOGRkZi1hYTAyLTExZWMtYjVhZS0wNjVmNzJiOTk3ZTI%3D
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEI52o2WGClrXqa_yj_1gDAU&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEI52o2WGClrXqa_yj_1gDAU&google_cver=1&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
0
133 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEI52o2WGClrXqa_yj_1gDAU&google_cver=1&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEI52o2WGClrXqa_yj_1gDAU&google_cver=1&apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
date
Tue, 22 Mar 2022 17:04:15 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sd
eu-u.openx.net/w/1.0/ Frame EA1E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:16 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 22 Mar 2022 17:04:15 GMT
Server
MT3 4267 dd20a5c master cdg-pixel-x24 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 22 Mar 2022 17:04:14 GMT
sd
us-u.openx.net/w/1.0/ Frame EA1E
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame EA1E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame EA1E 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=7926998b-73ff-7b7c-e6ea-6670cebc6117&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame EA1E 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTU0OTRhNDEtYmE4OC0yNWQ4LWYzMGEtM2NjOTA0NWVhZjc3
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame EA1E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C709 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstoZezI5LfbGZ_mhhjwfsOP07d610d9FgvIHFbJFY7a4Csj596GMQymsD8RQhBXnihP5212afxJ2ttSjpiH3vP_&sig=Cg0ArKJSzFkT8OBA8ve4EAE&cid=CAASF-Rom8sXCAuFC0jCSFwbNyBoewmPQxOn&id=lidar2&mcvt=1001&p=0,0,90,970&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220321&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2236077833&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1647968653851&rpt=655&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 7B39
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:16 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 22 Mar 2022 17:04:15 GMT
Server
MT3 4267 dd20a5c master cdg-pixel-x7 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=47d7623a-018d-4801-97fb-bf20fad58601
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 22 Mar 2022 17:04:14 GMT
sd
us-u.openx.net/w/1.0/ Frame 7B39
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
43 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=KpahNCyVqjYxkfQ0K5O_M33F8WMxl_Q2Kpx3tzir
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 7B39
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6967991161719458634
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 7B39 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=7926998b-73ff-7b7c-e6ea-6670cebc6117&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 7B39 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTU0OTRhNDEtYmE4OC0yNWQ4LWYzMGEtM2NjOTA0NWVhZjc3
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 7B39
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECmT0e7PfZlOsxrWi-1gGew&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all
csm.eu.criteo.net/ Frame EEBC 		0
127 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=4wblQBmSJUoYbQPbgj24rskHZhmeQiGzxl7cL-55f1geGC7pw_23XYWGs_OiWrjPoSdbXc5Qrn9wljDCwqx9QQkCvuwKbYXX0SKS0u0dkPs7waNDUt29oQepCxJ7SWClbw57vWfsAJVBhkD_DoLS2p4OZU5tfe2akrWnoVt0ZICnyRSFMrIaZDOQdqMrkRFG2awvouWUGxp5mzK8KVKj9mscYe8gAlhmG2pdg-JQKZjUi7AN_5gqQaXXjKviMSX8LGFaxA&sds=2&rev=80956&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjoBjQAN8RYIFWBvAABz6qphxwnEdqn_6dcMjw&u=%7CFd%2BOWspn0ZmLqZMCpm4gOgg6b3%2FzCKHZYU%2FTU%2Fvecmo%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0QD3WoDqftjeOi_RL70L9weyC34Yx855ByvuuaphRl6LIhhBOyuFdzgD_OILXvE-00gnsDsd9V53xvw75u57s_yRrH5TBJJnhwq0KPXCE2P85FSkj2lUdmMQDyWwwoVs9HvNFLW-AhiYZNhl4NbEdckFEuKnWvJuyLUvvwYOsCcoHLaJR9O3uVciWaOdrmn-tkr16woM0AlxFtEiEgwD8fxaxDIuMqeF_g1DLpa8Lv60UDigWmlpEniRJEyY-CwpC6wvlGngLUXSfSIWEUWvplQrQWAyP5N1PykQCxZ_7Xs7eszDedN-thbxS5yGCSaEy3EidxH0c7ST1OvMBjne2CyNE0T8HLJyz02ytIj-rEqlrMx2321aVHbDu8dwVqhXaTiX9yUeBBJAWVWjFpUQMN-V0Kghg1SxISxU2K8ADwlKzth-tPFRAak&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCP9vQjQE6YpbiN-_A1fAP6ueBqArJntKxXNWdkfdwwI23ARABIABglar2gZQHggEXY2EtcHViLTc1MDA1OTMyMzY3MDczMjWgAdW20uoDyAEJqQLF4l2CPHayPqgDAaoEkwJP0OGYFX6fKcIFrPpMS3w6GCiqhAXIFDSKYruZW2DWIZkbvt5t3k3ScrAaJ62tRN1SAbg-WGzRnNHUXVM7VmRnnMMh5eFxKhYULNthWi5KmQOUNQ9vo8kQbb-AF_Daj2xV5WuNQlB6xXsP_iLu-kt80DfgiPTUmIuKgsTEMuR5i8lcbLsb3vTnux_pa6va-M3u6MgQeiDcbTiNPz1mbYAqxZrvhQDZQNyL4zxhQblo-49T4UXY31JfdvIak-rYGM0zEvIauuqgWqtB1O-7NvM1shbNASTG7Qx2GUTt_oH78eQ1hyYcl-QItu9_yHUQQ7HK4VtMDmTDPGg3myYFLy_VAWl6hKNuymkgffbSX3Za2UOrBIAGmpSN-dWShNO_AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1_3efGHjkrv1CoLtqm4bdvWHYa9Q%26client%3Dca-pub-7500593236707325%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 17:04:14 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
async_usersync
ib.adnxs.com/ Frame 9094 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:15 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
5f0dc948-c3de-4b48-b123-97b3d3c7d01b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 7D2A 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:15 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
bdb5ec40-daac-4cb3-804b-12faef81c238
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=0bfZzXxOQ2Z3ZUZ2ZVZTa3ArekdrN3gyWEdhazcvWE5UK0xHMnNzazRyT0dNNE10WGo1eHRQaFJWYlg2aUlqZm92WGRnMGlBSmxsUnFkTnk5SXNib090WmsxNFB0YlUwQUN0VlZ1VmJRRTV0N2hiTmE4M2svWUxDVkd5S2FwTkRHeDNDOVJNRllhSUVIUWpqdXF1RlRTY0gvMnpaa1lmalZvUXA5Uk5iRVBjbUtLQVYyYllIMzFUMExiRVRrazZBREtpTVNxZ01mVTlOVDhyNDNRWS82UElNTHluZXUyNWZWNEdXS2lkRTVUY0RNNHhJPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1291
date
Tue, 22 Mar 2022 17:04:15 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
img
pix.eu.criteo.net/img/ Frame EEBC 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pix.eu.criteo.net/img/img?m=0&partner=93301&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F93301%2F220308%2F8135cf59197a4aaeaf077ce3c95d7012_uranium_banners_1200_628px.jpg&v=3&s=HZbeXGaHiwgEBZbMhh2-H80A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
5088414f9c14d5edb1807485a06097481409917ea4d1415edef8bdfbfbb3053d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:15 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=29896149
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
74492
expires
Fri, 03 Mar 2023 17:33:26 GMT
abt
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:16 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
async_usersync
ib.adnxs.com/ Frame 9094 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:16 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
17a7c8c1-1bc1-467a-8cc8-08b151c2a8be
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 7D2A 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:16 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b212b4d2-5bdf-48b5-8dac-0392569380cf
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F68 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?cslots=0&dispcorr=0&streamcorr=0&loc=https%3A%2F%2Fthreatpost.com%2F&ref=https%3A%2F%2Fthreatpost.com%2F&gcasclass=1&vpaidadapter=f&ifstate=-1&lid=70&sdkv=h.3.506.0&id=ima_html5&c=4050227070911873&domain=threatpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F68 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?csrvinit=1&lid=151&sdkv=h.3.506.0&id=ima_html5&c=4050227070911873&domain=threatpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 303B 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Mar 2022 17:04:17 GMT
Connection
keep-alive
Vary
Accept-Encoding
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame D696
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Date
Tue, 22 Mar 2022 17:04:18 GMT
Connection
Keep-Alive
Cache-Control
max-age=77502
Content-Length
4947
Content-Type
text/html
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges
bytes
etag
"1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id
tx00000000000000aeb23cd-006239decf-14cfc12b-nyc3a
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
453
x-rgw-object-type
Normal
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1647968657.dop137.fr8.t,1647968658.cds057.fr8.shn,1647968658.cds057.fr8.c

Redirect headers

content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control
no-cache
sync
eb2.3lift.com/ Frame E778
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
87b152a0737334cd1c36bb569e59bcebbfd836d745ddadddadaafb6e4e3b9fe2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
content-type
text/html; charset=utf-8
content-length
460
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Tue, 22 Mar 2022 17:04:17 GMT
content-length
0
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 47B8 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-214.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=101332
expires
Wed, 23 Mar 2022 21:13:09 GMT
date
Tue, 22 Mar 2022 17:04:17 GMT
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 91A5 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Server
Apache
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Tue, 22 Mar 2022 17:04:17 GMT
Content-Length
1388
Connection
keep-alive
async_usersync.html
acdn.adnxs.com/dmp/ Frame E8B4 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.200 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-200.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
"5fc7ff8f-cf34"
Server
nginx/1.13.10
Content-Type
text/html
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
17053
Cache-Control
max-age=86402
Expires
Wed, 23 Mar 2022 17:04:19 GMT
Date
Tue, 22 Mar 2022 17:04:17 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame 71B3 		542 B
357 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
e59f556482cb44643fe3c40e1ba8616cf711bdcff74f045377ea6233c356c337

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Tue, 22 Mar 2022 17:04:17 GMT
content-type
text/html
content-length
338
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
beacon
ap.lijit.com/ Frame 2027 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13394437
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

Date
Tue, 22 Mar 2022 17:04:17 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod
ad_ap7ams1
sync.html
public.servenobid.com/ Frame 6187 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://threatpost.com/

Response headers

cache-control
max-age=86400
content-type
text/html
content-encoding
br
last-modified
Tue, 15 Mar 2022 23:39:48 GMT
accept-ranges
bytes
etag
"866b66bb3ccc5c8de41913672c69b8f7"
x-cache
TCP_HIT
server
AmazonS3
x-amz-id-2
I7hQZBQlShi5n+RwYMjPPjvgicoyvnClwtP5UEla4RvrPoiNkPQsaaFvBNEEN+tOrm6K1hHFO0I=
x-amz-request-id
EY3GZTBDP62RM4Z9
x-amz-meta-codebuild-content-sha256
1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5
d97b029b026ab1b5da9f71fc8f6cf19a
x-azure-ref
0kQE6YgAAAADNrfBZmAqoT78vEcy3edpyTE9OMjFFREdFMDExMgA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
date
Tue, 22 Mar 2022 17:04:17 GMT
usync.js
eus.rubiconproject.com/ Frame 303B 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
85fae6da7be6b2a4299638f9a7de6d7df6e1746186532465ef1c228faaf9a0bb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:27:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=60302
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9540
Expires
Wed, 23 Mar 2022 09:49:19 GMT
dds
rtb.openx.net/sync/ Frame 71B3 		43 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:16 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
jehs8m63tlh3cj864euu9m09kdd5nbno
ede1ffcf-e353-e935-d73d-708531ebac5e
pr-bh.ybp.yahoo.com/sync/openx/ Frame 71B3 		43 B
991 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/ede1ffcf-e353-e935-d73d-708531ebac5e?gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:a6cd:bbc5:ba08:db41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
eu-u.openx.net/w/1.0/ Frame 71B3
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=G0YYzYXu1NwHVD5
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=G0YYzYXu1NwHVD5
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0ae965e2f8a6b4310@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=G0YYzYXu1NwHVD5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 71B3
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://x.bidswitch.net/ul_cb/sync?ssp=openx
  • https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=openx
  • https://x.bidswitch.net/sync?dsp_id=188&user_id=Eo1n_6jeRrx-hcfE2uUB_lQTr7c&user_group=1&ssp=openx
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=ab840884-0966-41c1-9fc9-f763e140d9eb&gdpr=&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=ab840884-0966-41c1-9fc9-f763e140d9eb&gdpr=&gdpr_consent=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//us-u.openx.net/w/1.0/sd?id=537072968&val=ab840884-0966-41c1-9fc9-f763e140d9eb&gdpr=&gdpr_consent=
Date
Tue, 22 Mar 2022 17:04:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sd
eu-u.openx.net/w/1.0/ Frame 71B3
Redirect Chain
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=2379099401653619541
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=2379099401653619541
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
via
1.1 google
server
OXGW/17.2.1
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
95dca9e2-ba68-457f-be4d-1fa47eaca893
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=2379099401653619541
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ox
match.prod.bidr.io/cookie-sync/ Frame 71B3 		43 B
430 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/ox
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.96.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-96-153.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame E8B4 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
349a496a-5233-4b35-b67c-c6af97cf8de4
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame E778 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame E778
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
date
Tue, 22 Mar 2022 17:04:17 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel
cm.g.doubleclick.net/ Frame E778 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E778
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mjk1NzA4NDYxMjc5ODU2Njg5ODgxNg%3D%3D
date
Tue, 22 Mar 2022 17:04:17 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame E778 		0
141 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=2957084612798566898816&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F460E1FB091D4791BCA97924A45705F9 Ref B: FRAEDGE1110 Ref C: 2022-03-22T17:04:17Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXa0ZpyGww/2EP0Ut+WUQ==
xuid
eb2.3lift.com/ Frame E778
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/2957084612798566898816?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-PFr4KnxE2oQ3svpQnuQy_seP6w2h6q5vWtoTJ5SSkw--~A&dongle=0883
37 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-PFr4KnxE2oQ3svpQnuQy_seP6w2h6q5vWtoTJ5SSkw--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Tue, 22 Mar 2022 17:04:17 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-PFr4KnxE2oQ3svpQnuQy_seP6w2h6q5vWtoTJ5SSkw--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
sync
x.bidswitch.net/ Frame E778 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=2957084612798566898816&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.184.198.122 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-184-198-122.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:17 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
c.gif
c.bing.com/ Frame E778 		42 B
594 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?xid=2957084612798566898816&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
etag
"8120eaf0ff3ad81:0"
last-modified
Fri, 18 Mar 2022 19:39:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5D1E0A9C7CCC492E93A2C23916A54DEC Ref B: FRAEDGE1409 Ref C: 2022-03-22T17:04:17Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame E778
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2957084612798566898816
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2957084612798566898816&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2957084612798566898816&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
F3QXJGHS034GWXS5CKJR
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2957084612798566898816&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame E778
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
13926
g2.gumgum.com/usync/ Frame A085 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.158.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-158-219.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9bb78cd215beb0a8c20a87ea7f2b3624f8511078172efef29596635603a44a43

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-type
text/html;charset=UTF-8
server
nginx
etag
W/"0641170370fdf35722a6244096973f4f9"
timing-allow-origin
*
content-encoding
gzip
ps
pixel.33across.com/ Frame 91C7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 -, , ASN (),
Reverse DNS
Software
33XP004 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

x-33x-status
2000208
server
33XP004
date
Tue, 22 Mar 2022 17:04:18 GMT
/
onetag-sys.com/usync/ Frame 5411 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame 9C02 		770 B
1020 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
ec30516a3fe9a182b66f4129bb2152acb2b0e49ccf040d46fdc622ea74f96097

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

content-length
770
content-type
text/html
date
Tue, 22 Mar 2022 17:04:17 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 6017 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
da470abd39b0139219d4c7d827c4c931f40dbc3d13183dc140d709aeca6be490

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|230|39|45|218|13|5|105
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Tue, 22 Mar 2022 17:04:18 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Content-Length
1675
Connection
keep-alive
sync
ads.servenobid.com/ Frame 6187
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=2379099401653619541
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=312&uid=2379099401653619541
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
672ca0d3-a872-47db-a534-c7419bf8e05d
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=2379099401653619541
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame 6187
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ads.servenobid.com/sync?pid=310&uid=ac980dfa20325f43a9edd625
0
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=310&uid=ac980dfa20325f43a9edd625
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=ac980dfa20325f43a9edd625
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame 6187 		0
277 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 22 Mar 2022 17:04:17 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
07efa453-0fe4-4bae-a09b-a199ca5ac1e1
sync.1rx.io/usersync/tradedesk/ Frame 6187
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1647968658521
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8811928793
  • https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1
0
0
sync
ads.servenobid.com/ Frame 6187
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5108559722826149862
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5108559722826149862
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5108559722826149862
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame 6187 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:17 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/ Frame 6187
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=2b2f22e0-0f66-4031-8737-2f4fc4a7d227&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=327&uid=2b2f22e0-0f66-4031-8737-2f4fc4a7d227&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=2b2f22e0-0f66-4031-8737-2f4fc4a7d227&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Tue, 22 Mar 2022 17:04:17 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame 6187
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-C7sD4utE2uEL7KkZ0eLoQPfscVlE_CPrw92EZNA-~A
0
366 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-C7sD4utE2uEL7KkZ0eLoQPfscVlE_CPrw92EZNA-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-C7sD4utE2uEL7KkZ0eLoQPfscVlE_CPrw92EZNA-~A
date
Tue, 22 Mar 2022 17:04:17 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
dcm
s.amazon-adsystem.com/ Frame 6017
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
843W6YKBEQ5MFVGDKZB8
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
0BTBFGPP1KYD83YNS038
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 6017 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 6017 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 6017
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YjoBjhvAXocsZHzZFRdRxwAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIeUElOF5gHpBtG1JBXzeqs&google_cver=1&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIeUElOF5gHpBtG1JBXzeqs&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 17:04:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIeUElOF5gHpBtG1JBXzeqs&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=23728&dpuuid=YjoBjhvAXocsZHzZFRdRxwAA%261137
dpm.demdex.net/ Frame 6017 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YjoBjhvAXocsZHzZFRdRxwAA%261137?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.251.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-251-128.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
crum
dsum-sec.casalemedia.com/ Frame 6017
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 17:04:18 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date
Tue, 22 Mar 2022 17:04:18 GMT
access-control-allow-credentials
true
x-powered-by
Express
content-length
0
vary
Origin
keep-alive
timeout=5
ix
ad4m.at/ad/sim/ Frame 6017 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad4m.at/ad/sim/ix?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers
crum
dsum-sec.casalemedia.com/ Frame 6017
Redirect Chain
  • https://d.adroll.com/cm/index/ssp?gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-145-8.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 17:04:18 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx/1.20.0
content-length
76
sync
ads.servenobid.com/ Frame 6017 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=333&uid=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
sync
ads.servenobid.com/ Frame 9C02 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=317&uid=5594089479071981643&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame 9C02
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=6967991161719458634&gdpr=0&gdpr_consent=
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=6967991161719458634&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=6967991161719458634&gdpr=0&gdpr_consent=
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
get_user_agent_id
cookie-matching.mediarithmics.com/v1/ Frame 9C02 		0
86 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=smart17&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.132.158.126 , France, ASN16276 (OVH, FR),
Reverse DNS
ip126.ip-164-132-158.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;includeSubDomains;preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
strict-transport-security
max-age=63072000;includeSubDomains;preload
pixel
cm.g.doubleclick.net/ Frame 9C02
Redirect Chain
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_...
  • https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTU5NDA4OTQ3OTA3MTk4MTY0Mw==&gdpr=0&gdpr_consent=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTU5NDA4OTQ3OTA3MTk4MTY0Mw==&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H3
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_hm=NTU5NDA4OTQ3OTA3MTk4MTY0Mw==&gdpr=0&gdpr_consent=
pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
/
rtb-csync.smartadserver.com/redir/ Frame 9C02
Redirect Chain
  • https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1647968659189
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=949080090
  • https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1
  • https://sync.targeting.unrulymedia.com/csync/RX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-c9a8738f-1...
  • https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003
43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:19 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-c9a8738f-14ca-4706-9e6f-a9541f892c23-003
date
Tue, 22 Mar 2022 17:04:20 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXc9a8738f14ca47069e6fa9541f892c23003
content-type
text/html
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
  • https://rtb.gumgum.com/usersync?b=apn&i=2379099401653619541
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=apn&i=2379099401653619541
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
f5ca680b-b761-4a30-a2b7-bb7c73ce7915
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://rtb.gumgum.com/usersync?b=apn&i=2379099401653619541
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=6967991161719458634&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=ab840884-0966-41c1-9fc9-f763e140d9eb
35 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=ab840884-0966-41c1-9fc9-f763e140d9eb
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=ab840884-0966-41c1-9fc9-f763e140d9eb
Date
Tue, 22 Mar 2022 17:04:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cookie-sync
sync.outbrain.com/ Frame A085
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
  • https://rtb.gumgum.com/usersync?b=obn&i=ENC%28r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691&obuid=ENC(r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq)
  • https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3Dr0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6...
  • https://sync.outbrain.com/cookie-sync?p=indxexcg&uid=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&obUid=r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq
0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=indxexcg&uid=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&obUid=r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
64.202.112.63 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:19 GMT
Cache-Control
no-cache
X-TraceId
70aa05f29bd7ced1df4e1432effe560d
Content-Length
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:19 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://sync.outbrain.com/cookie-sync?p=indxexcg&uid=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&obUid=r0PELE_6hGDFPMd_VCH3T1jJA2mGMakaEEiAFWSRGpI6TNLlSas_x5uQyOYeVqHq
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
348
Expires
Tue, 22 Mar 2022 17:04:19 GMT
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://rtb.gumgum.com/usersync?b=opx&i=8e1b3dfb-5bea-432a-8191-769d06ec6051
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=opx&i=8e1b3dfb-5bea-432a-8191-769d06ec6051
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-encoding
gzip
server
OXGW/17.2.1
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://rtb.gumgum.com/usersync?b=opx&i=8e1b3dfb-5bea-432a-8191-769d06ec6051
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-4fe39024-a5a1-4592-6d33-51cfc501da41$ip$84.19.175.183
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-4fe39024-a5a1-4592-6d33-51cfc501da41$ip$84.19.175.183
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-4fe39024-a5a1-4592-6d33-51cfc501da41$ip$84.19.175.183
Date
Tue, 22 Mar 2022 17:04:18 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-dPNuGjtE2pfFYHMogEb2FDt3ovuaW8eF1npt~A
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-dPNuGjtE2pfFYHMogEb2FDt3ovuaW8eF1npt~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Tue, 22 Mar 2022 17:04:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-dPNuGjtE2pfFYHMogEb2FDt3ovuaW8eF1npt~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
  • https://rtb.gumgum.com/usersync?b=vnt&i=1c65c1c7-aa02-11ec-b3ae-b9599d422bef
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=vnt&i=1c65c1c7-aa02-11ec-b3ae-b9599d422bef
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=vnt&i=1c65c1c7-aa02-11ec-b3ae-b9599d422bef
Date
Tue, 22 Mar 2022 17:04:17 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
1c65c1c8-aa02-11ec-b3ae-b9599d422bef
services
sync.technoratimedia.com/ Frame A085 		0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
150.136.156.92 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
619258580
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame A085 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 -, , ASN (),
Reverse DNS
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
content-length
0
server
a
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=tviPBarB3vcFY4f7kAcY&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25DWNFIEEYLSIIZXMY2GLE2GMN3LIFRVSJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=tviPBarB3vcFY4f7kAcY&us_privacy=1---
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=tviPBarB3vcFY4f7kAcY&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=tviPBarB3vcFY4f7kAcY&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame A085
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=17db3b66-1339-4242-99a7-779b82d2c20d
35 B
296 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=17db3b66-1339-4242-99a7-779b82d2c20d
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
54.216.63.116 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:17 GMT
server
envoy
content-type
image/gif
cache-control
private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time
4
x-region
ireland
content-length
35
expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=17db3b66-1339-4242-99a7-779b82d2c20d
date
Tue, 22 Mar 2022 17:04:18 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1647968658181
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8869519110
  • https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1
  • https://sync.targeting.unrulymedia.com/csync/RX-d6bebc8d-0151-400f-b650-ff1591d8d401-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-d6bebc8d-0151-400f-b650-ff1591d8d401-003
  • https://rtb.gumgum.com/usersync?b=rhy&i=RX-d6bebc8d-0151-400f-b650-ff1591d8d401-003
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=RX-d6bebc8d-0151-400f-b650-ff1591d8d401-003
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:20 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/usersync?b=rhy&i=RX-d6bebc8d-0151-400f-b650-ff1591d8d401-003
date
Tue, 22 Mar 2022 17:04:20 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXd6bebc8d0151400fb650ff1591d8d401003
content-type
text/html
usersync
rtb.gumgum.com/ Frame A085
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://rtb.gumgum.com/usersync?b=pln&i=qrlaFNWFYcaU&ev=1&pid=558355
35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/usersync?b=pln&i=qrlaFNWFYcaU&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://rtb.gumgum.com/usersync?b=pln&i=qrlaFNWFYcaU&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-5c58d46c57-4fvgd
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame A085 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
content-length
0
sync
ads.servenobid.com/ Frame A085 		0
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_fae981dc-1825-4da6-a9c8-6bc11c7b2691
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.175.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-175-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
rtb.gumgum.com/ Frame 0D88
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://rtb.gumgum.com/usersync?b=mmh&i=47d7623a-018d-4801-97fb-bf20fad58601&gdpr=0&gdpr_consent=
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=mmh&i=47d7623a-018d-4801-97fb-bf20fad58601&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Date
Tue, 22 Mar 2022 17:04:18 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4267 dd20a5c master cdg-pixel-x3 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://rtb.gumgum.com/usersync?b=mmh&i=47d7623a-018d-4801-97fb-bf20fad58601&gdpr=0&gdpr_consent=
Expires
Tue, 22 Mar 2022 17:04:17 GMT
usersync
usersync.gumgum.com/ Frame 0591
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=atm&i=YjoBiwAAAE9XUwP0&gdpr=0&gdpr_consent=
35 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YjoBiwAAAE9XUwP0&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.63.116 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
content-type
image/gif
content-length
35
date
Tue, 22 Mar 2022 17:04:17 GMT
x-envoy-upstream-service-time
4
x-region
ireland
server
envoy

Redirect headers

server
Varnish
retry-after
0
location
https://usersync.gumgum.com/usersync?b=atm&i=YjoBiwAAAE9XUwP0&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Tue, 22 Mar 2022 17:04:18 GMT
via
1.1 varnish
x-served-by
cache-hhn4039-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1647968658.103206,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
pixel
cm.g.doubleclick.net/ Frame A8B1 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9mYWU5ODFkYy0xODI1LTRkYTYtYTljOC02YmMxMWM3YjI2OTE=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
image/png
date
Tue, 22 Mar 2022 17:04:18 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
server
HTTP server (unknown)
content-length
170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4C4D 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-214.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=101331
expires
Wed, 23 Mar 2022 21:13:09 GMT
date
Tue, 22 Mar 2022 17:04:18 GMT
vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 1AA8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 -, , ASN (),
Reverse DNS
Software
33XP002 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

x-33x-status
2000208
server
33XP002
date
Tue, 22 Mar 2022 17:04:18 GMT
usersync
rtb.gumgum.com/ Frame E824
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=ttd&i=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&t=1650560658
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=ttd&i=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&t=1650560658
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-type
text/html
content-length
209
location
https://rtb.gumgum.com/usersync?b=ttd&i=07efa453-0fe4-4bae-a09b-a199ca5ac1e1&t=1650560658
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.html
eus.rubiconproject.com/ Frame A54F
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Mar 2022 17:04:18 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?p=gumgum
date
Tue, 22 Mar 2022 17:04:18 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
um
cs.emxdgt.com/ Frame 0B87 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

content-type
text/html
date
Tue, 22 Mar 2022 17:04:17 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 1E8B
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YjoBksCo8X8AAPG0N0cAAAAA
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YjoBksCo8X8AAPG0N0cAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Tue, 22 Mar 2022 17:04:19 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

Server
nginx
Date
Tue, 22 Mar 2022 17:04:18 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
private
Location
https://rtb.gumgum.com/usersync?b=sus&i=YjoBksCo8X8AAPG0N0cAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time
2
X-SO-HostName
a-ad40325.dc2p.scaleout.jp
X-SO-LB-Hostname
m-tgng27.dc4p.scaleout.jp
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":9,"gdpr":true,"ipv4":"0.0.0.0","key":"YjoBksCo8X8AAPG0N0cAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40325"}
X-SO-Key
YjoBksCo8X8AAPG0N0cAAAAA
X-SO-IP
84.19.175.183
X-SO-Cluster-ID
9
X-SO-Upstream-ID
a-ad40325
usersync
rtb.gumgum.com/ Frame E8D4
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://rtb.gumgum.com/usersync?b=rth&i=STC3uhAydmuhAZQevQe1&pi=gumgum&tc=1
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=STC3uhAydmuhAZQevQe1&pi=gumgum&tc=1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.242.212.194 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

date
Tue, 22 Mar 2022 17:04:18 GMT Tue, 22 Mar 2022 17:04:18 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=STC3uhAydmuhAZQevQe1&pi=gumgum&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
um
cs.emxdgt.com/ Frame 84A0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

content-type
text/html
date
Tue, 22 Mar 2022 17:04:17 GMT
content-length
0
usync.html
eus.rubiconproject.com/ Frame BFF5
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
281 B
410 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

server
Apache/2.2.15 (CentOS)
last-modified
Tue, 14 Dec 2021 23:07:59 GMT
etag
"402b2-119-5d32342a551c0"
accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Tue, 22 Mar 2022 17:04:18 GMT
vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
date
Tue, 22 Mar 2022 17:04:18 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
uc.html
go.sonobi.com/ Frame A812 		43 B
573 B 		Document
General
Check archive.org
Download Go to
Full URL
https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.148 -, , ASN (),
Reverse DNS
Software
sonobi-go /
Resource Hash
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Date
Tue, 22 Mar 2022 17:04:18 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, no-store, private
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Tcn
Choice
Vary
negotiate,Accept-Encoding
X-Go-Server
go-ams-1-7-8
X-Xss-Protection
0
Content-Encoding
gzip
Server
sonobi-go
cm
gift-connect-d.openx.net/w/1.0/ Frame 82C2 		0
83 B 		Document
General
Check archive.org
Download Go to
Full URL
https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/17.2.1
date
Tue, 22 Mar 2022 17:04:18 GMT
content-type
text/html
content-length
20
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame A9B9 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.144.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-144-214.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

last-modified
Tue, 01 Feb 2022 06:38:00 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5549
content-type
text/html; charset=UTF-8
cache-control
max-age=101331
expires
Wed, 23 Mar 2022 21:13:09 GMT
date
Tue, 22 Mar 2022 17:04:18 GMT
vary
Accept-Encoding
i.gif
e.serverbid.com/udb/9969/sync/ Frame D696
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=2379099401653619541
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=2379099401653619541
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
35dbfc76-2b9e-48af-8f5b-b16786015747
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=2379099401653619541
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame D696
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjoBjhvAXocsZHzZFRdRxwAA%261137
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjoBjhvAXocsZHzZFRdRxwAA%261137
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-length
0

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjoBjhvAXocsZHzZFRdRxwAA%261137
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
282
Expires
Tue, 22 Mar 2022 17:04:18 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame D696
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=ac980dfa20325f43a9edd625
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=ac980dfa20325f43a9edd625
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-length
0

Redirect headers

Date
Tue, 22 Mar 2022 17:04:18 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=ac980dfa20325f43a9edd625
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap7ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
usa
sync.go.sonobi.com/ Frame D696 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
i.gif
e.serverbid.com/udb/9969/sync/ Frame D696
Redirect Chain
  • https://pixel.advertising.com/ups/56621/occ
  • https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
  • https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
H2
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:17 GMT
content-length
0

Redirect headers

location
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
date
Tue, 22 Mar 2022 17:04:18 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
us.gif
sync.go.sonobi.com/ Frame D696
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
  • https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
49 B
509 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
cache-control
no-cache
content-length
0
56939
i6.liadm.com/s/ Frame D696
Redirect Chain
  • https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
  • https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c&_li_chk=true&previous_uuid=afac3f25786a4371914cefe83c2b36f6
  • https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Server
52.200.175.154 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 17:04:19 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
Date
Tue, 22 Mar 2022 17:04:18 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
usync.js
eus.rubiconproject.com/ Frame A54F 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
85fae6da7be6b2a4299638f9a7de6d7df6e1746186532465ef1c228faaf9a0bb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-encoding
gzip
last-modified
Wed, 02 Mar 2022 16:27:58 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=60301
content-type
text/html; charset=UTF-8
content-length
9540
expires
Wed, 23 Mar 2022 09:49:19 GMT
st
capi-tier-2-us-east-2.connatix.com/tr/ Frame 71BB 		0
315 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capi-tier-2-us-east-2.connatix.com/tr/st?v=155403
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.132.161.168 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-161-168.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
usync.js
eus.rubiconproject.com/ Frame BFF5 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-42-132.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
85fae6da7be6b2a4299638f9a7de6d7df6e1746186532465ef1c228faaf9a0bb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 17:04:18 GMT
content-encoding
gzip
last-modified
Wed, 02 Mar 2022 16:27:58 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=60301
content-type
text/html; charset=UTF-8
content-length
9540
expires
Wed, 23 Mar 2022 09:49:19 GMT
async_usersync
ib.adnxs.com/ Frame E8B4 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 17:04:18 GMT
X-Proxy-Origin
84.19.175.183; 84.19.175.183; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
ca70cc88-4362-4688-988b-408955dcb058
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame A54F 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L12DZHRU-O-7JRV
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame BFF5 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=L12DZHRU-O-7JRV
Requested by
Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8eb2d9eeed9b9c468975d0ba24565e5b
Content-Type
image/gif
/
track.adform.net/serving/unload/ Frame 7808 		35 B
478 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/serving/unload/?version=15&unload=6967991161719458634@@53432684,3785602919272453367,0|0|0|0|0|0|0|0|0||0|1|||||1|0|0|DNzSe2Y7fjFcPlakbYq96WvXvFMPZKVdkWUunfc0RlY61QbRYWd_4PL_QlhaeLlf0|||11||0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900028.redintelligence.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 17:04:20 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900028.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1
Domain
sync.1rx.io
URL
https://sync.1rx.io/usersync/tradedesk/07efa453-0fe4-4bae-a09b-a199ca5ac1e1

Verdicts & Comments Add Verdict or Comment

421 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 function| structuredClone object| oncontextlost object| oncontextrestored object| gform string| gAMP_urlhost string| gAMP_urlpath string| gAMP_urlquery string| gAMP_contentid string| gAMP_category string| gAMP_contenttags number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug boolean| gTrackVisibility boolean| gLazyLoad boolean| gTrackPageVisibility number| k30SecondRefreshInterval number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| k999SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent object| gGDPR_NonTCFVendors string| gGDPR_publisherCountryCode string| gGDPR_logoURL string| gGDPR_privacyPolicyURL string| kAmazonPublisherID object| ad728x90ATF object| ad300x250ATF object| ad300x250ATF2 object| ad728x90ATFTAB object| ad728x90STICKY object| ad300x250ATFTAB object| ad300x250ATF2TAB object| ad320x50ATF object| ad300x250ATFM object| ad300x250ATF2M object| ad2x2skin object| adGoogleAdXInterstitial number| gBrowserWidth object| desktopAdUnits object| tabletAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount function| _0x2484c2 object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gIntersectionObserver object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gPrebidBidsBack object| googletag object| pbjs function| _0x47b6 boolean| gHasGDPRCMP object| gGDPRTCData function| amp_getBidsForAllChannels function| amp_dumpBids function| amp_dumpWins function| amp_dumpTable function| amp_getBestBids function| sendAdserverRequest function| _0x4815 function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| scheduleConsentUpdates function| sendBidRequests function| doSendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| attachCloseBoxSVG function| configureAdSlot function| getCookie object| apstag function| cnx function| $ function| jQuery object| gdprDynamicStrings object| gdprStrings object| kss object| sNew object| s0 object| dataLayer boolean| jQueryMigrateHelperHasSentDowngrade object| cnx_usr_storage function| __uspapi function| __uspOpenUI object| ni5VaJ2 function| ni5VaJ3 object| xop object| FontAwesomeConfig object| ___FONT_AWESOME___ function| __tcfapi object| __cmpAPI object| __GVL object| __cmpTCModel function| __cmpOpenUI function| pbjsChunk object| _pbjsGlobals object| ADAGIO string| nobidVersion object| nobid object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| ggeac object| google_js_reporting_queue object| MZ1D6o2 function| MZ1D6o3 function| xblocker boolean| apstagLOADED object| m6vwUy function| m6vwUE function| xblacklist object| google_tag_manager function| postscribe object| google_tag_manager_external boolean| creativeVendorLibraryLoaded object| kasperskyDynamicaReCaptchaData object| jQuery1124007198104769749003 object| kaspersky object| prmOm object| omPlatformsSettings function| trackKLReferrer function| trackTrialSubmit function| trackFraud function| getFilename function| trackFile function| trackTrial function| trackTrialKMS function| trackPU function| trackPU2 function| trackDoc function| trackBeta function| trackDBUpdate function| trackDRFile function| trackLink function| trackCountrySelector function| trackLRC function| trackIPP function| trackPage function| trackLRCFallback function| trackMaxymiser function| trackAuditories function| trackCroSegment function| trackCta function| trackDownload function| trackEvent function| trackExit function| trackForm function| trackGoToPayment function| trackChangePaymentMethod function| trackLena function| trackMarketLincGroup function| trackMarketLincVisitor function| trackPageView function| trackPageViewOnLoad function| trackPartnerLocatorSearchEvent function| trackProductView function| trackRegistration function| trackSaleButton function| trackSignin function| trackSignIn function| trackUpsellPage function| omSetContext function| omSetOmnitureParameters function| omChooseCookieDomain function| omGetAbsoluteUrl function| omGetBusinessType function| omGetGoogleAnalyticsClientId function| omGetHostName function| omGetOrigin function| omGetPageNameFromPath function| omGetQueryParam function| omReadCookie function| omRemoveAllUrlParameters function| omRemoveAllUrlParametersForDownloads function| omRemoveUrlParameter function| omRemoveCookie function| omSafeParseJson function| omSetCookie function| omSetInp function| removeHashFromString function| omPushEventToDataLayer function| omCreateEventParamsObj function| omPushTrackingObjectToDataLayer function| omPrepareProductsString function| omHandleClick function| omHandleMessage function| e object| sng object| s object| visitorConfigObj function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in object| _uxa number| s_objectID number| s_giq object| player_instance_70f9cf2d318b4ec6ba155d895e8f94d3 object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins object| recaptcha undefined| google_measure_js_timing object| google_reactive_ads_global_state object| google_tag_data string| GoogleAnalyticsObject function| ga object| _qevents function| twq object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate object| wp object| PublisherCommonId function| sprintf function| vsprintf object| gform_i18n object| gf_global object| gf_legacy_multi object| gf_legacy object| ID5 number| google_global_correlator object| gaplugins object| gaGlobal object| gaData function| gtag function| onYouTubeIframeAPIReady object| twttr function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| cnxProxyTask function| announceAJAXValidationErrors function| gformBindFormatPricingFields function| Currency function| gformCleanNumber function| gformGetDecimalSeparator function| gformIsNumber function| gformIsNumeric function| gformDeleteUploadedFile object| _gformPriceFields undefined| _anyProductSelected function| gformIsHidden function| gformCalculateTotalPrice function| gformUpdateTotalFieldPrice function| gformGetShippingPrice function| gformGetFieldId function| gformCalculateProductPrice function| gformGetProductQuantity function| gformIsProductSelected function| gformGetBasePrice function| gformFormatMoney function| gformFormatPricingField function| gformToNumber function| gformGetPriceDifference function| gformGetOptionLabel function| gformGetProductIds function| gformGetPrice function| gformRoundPrice function| gformRegisterPriceField function| gformInitPriceFields function| gformShowPasswordStrength function| gformPasswordStrength function| gformToggleShowPassword function| gformToggleCheckboxes function| gformToggleRadioOther function| gformAddListItem function| gformDeleteListItem function| gformAdjustClasses function| gformAdjustRowAttributes function| gformToggleIcons function| gformAddRepeaterItem function| gformDeleteRepeaterItem function| gformResetRepeaterAttributes function| gformToggleRepeaterButtons function| gformMatchCard function| gformFindCardType function| gformToggleCreditCard function| gformInitChosenFields function| gformInitCurrencyFormatFields function| GFMergeTag function| GFCalc undefined| __gf_keyup_timeout function| gformFormatNumber function| getMatchGroups function| gf_get_field_number_format function| gformValidateFileSize function| gformInitSpinner function| gformAddSpinner function| gformReInitTinymceInstance function| gf_raw_input_change function| gf_get_input_id_by_html_id function| gf_get_form_id_by_html_id function| gf_get_ids_by_html_id function| gf_input_change function| gformExtractFieldId function| gformExtractInputIndex function| rgars function| rgar function| HandleUnsavedChanges function| renderRecaptcha function| gformIsRecaptchaPending object| gfMultiFileUploader undefined| __gf_timeout_handle function| gf_apply_rules function| gf_check_field_rule function| gf_get_field_logic function| gf_apply_field_rule function| gf_get_field_action function| gf_is_match function| gf_is_match_checkable function| gf_is_checkable_empty function| gf_is_match_default function| gf_format_number function| gf_try_convert_float function| gf_matches_operation function| gf_get_value function| gf_do_field_action function| gf_do_next_button_action function| gf_do_action function| gf_reset_to_default function| gf_is_hidden_pricing_input object| Placeholders object| gf_form_conditional_logic string| gf_number_format function| do_callback object| sas object| apntag object| _ADAGIO string| main_loc object| in_domain object| locale_out undefined| url_path_start_latam undefined| locale_out_latam string| firstPart undefined| locale object| url_path_start undefined| domain_loc function| getSelector function| getLargestLayoutShiftEntry function| getLargestLayoutShiftSource function| wasFIDBeforeDCL function| getDebugInfo function| getRating function| calculateRating function| sendToDataLayer function| SetCookie string| newCookieValue string| _linkedin_data_partner_id object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id function| lintrk boolean| _already_called_lintrk object| GoogleGcLKhOms object| webVitals object| s_i_kaspersky-single-suite object| ONFOCUS object| closure_lm_666996 object| google_ad_modifications object| google_prev_clients object| google_image_requests function| cnxAddEventListener

114 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIoQEQ28HYlPsvCgoIgQIQ28HYlPsvCgoI4gEQ28HYlPsvCgoI5gEQ28HYlPsvCgoIhwIQ28HYlPsvCgkICRDbwdiU-y8KCQg6ENvB2JT7LwoJCAsQ28HYlPsvCgoIjAIQ28HYlPsvCgkIXxDbwdiU-y8=
.t.co/ Name: muc
Value: bfc1dad3-6230-492e-afd8-52f2a9536ef8
.bit.ly/ Name: _bit
Value: m2mh49-f97fbf13fe5d8caae9-00R
.threatpost.com/ Name: _cs_mk
Value: 0.1021273963315894_1647968651359
.demdex.net/ Name: demdex
Value: 16727263815370216312414514698637638910
threatpost.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.threatpost.com/ Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YjoBiwAAAE9XUwP0
.threatpost.com/ Name: _gid
Value: GA1.2.2089365594.1647968652
.threatpost.com/ Name: _gat_UA-35676203-21
Value: 1
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/ Name: ljt_reader
Value: ac980dfa20325f43a9edd625
.dpm.demdex.net/ Name: dpm
Value: 16727263815370216312414514698637638910
.rubiconproject.com/ Name: khaos
Value: L12DZHRU-O-7JRV
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB0+99u85awAkubASkO6QPb7E03ikE5KqM0RhTFoERi5ffJdEminl8OPazGDAnZkjgciW6Q58jarRAvAG15loFpV9ffqWu8FjBY=
e.serverbid.com/ Name: azk
Value: ue1-sb1-d02cc758-ed9a-41fe-afdc-553b2ab3763c
.t.co/ Name: muc_ads
Value: 7af44bae-6a18-4c27-9a0d-16cadb11c0c0
.openx.net/ Name: i
Value: aa8aa6d2-da78-448b-bc3c-ae98aa9b52ea|1647968651
.threatpost.com/ Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19074%7CMCMID%7C18319297477328161013447771584748901028%7CMCAAMLH-1648573451%7C6%7CMCAAMB-1648573451%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1647975851s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19081%7CvVersion%7C4.4.0
.twitter.com/ Name: personalization_id
Value: "v1_pq+biLZ83C8D9QF9bcyd2w=="
.threatpost.com/ Name: _pubcid
Value: 8c46dcb1-a3f5-432d-9bd7-8037f979c723
.quantserve.com/ Name: mc
Value: 623a018c-5fa77-faac6-3fc68
.threatpost.com/ Name: __qca
Value: P0-1193366930-1647968652376
.threatpost.com/ Name: _gat_UA-63997723-2
Value: 1
threatpost.com/ Name: CookieConsent
Value: {stamp:1011150112=='|Cnecessary:true|Cpreferences:true|Cstatistics:true|Cmarketing:true|Cver:1|Cutc:1410363575|Cregion:'not_gdpr'}
.adnxs.com/ Name: icu
Value: ChgIzLJhEAoYASABKAEwjIPokQY4AUABSAEQjIPokQYYAA..
.adnxs.com/ Name: uuid2
Value: 2379099401653619541
.threatpost.com/ Name: _gcl_au
Value: 1.1.2004574560.1647968653
prebid.a-mo.net/ Name: __amc
Value: 1_1647968652_1647968652
threatpost.com/ Name: usprivacy
Value: 1---
.threatpost.com/ Name: _ga_YP1JLG57CH
Value: GS1.1.1647968652.1.0.1647968652.0
.threatpost.com/ Name: _ga
Value: GA1.1.1089484159.1647968652
.threatpost.com/ Name: s_cc
Value: true
.linkedin.com/ Name: UserMatchHistory
Value: AQKIRPS-pEG_4wAAAX-ylg3jr9kEE6Qd5ExHietStLBVr0OKBcisK5OUpPLGj9mH6qx3P-b1KWA1pw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQIaDNqNIA7esgAAAX-ylg3j-ESNzU7Nig2nQGx12XLjc3JIT66FHm0-EC8bHH7xL3PkG5bJ7iJaZajBIOIbqw
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&5abdef2e-5bc4-4538-8a23-a6f3bf398b52"
.linkedin.com/ Name: lidc
Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2354:u=1:x=1:i=1647968652:t=1648055052:v=2:sig=AQEYzcU5jm5AjJOrN8Lc1JqC5ZbUxa4f"
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&202203221704124d982c99-fd01-4fb6-8de8-cb02163c27d6AQFrd-2wSeETNLv1p1q_P4g8uUWEGfKC"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDc5Njg2NTI7MjswMjFiSDj5Sa1zizjBiH+AjjKpIEwZhahaqfyDFNQCy1wKSw==
.threatpost.com/ Name: __gads
Value: ID=ac77f1cb2d51f312-225019dc63cd000d:T=1647968652:S=ALNI_MZVNcYYVU4ajyVYWPxLX0ExSRNsaQ
.doubleclick.net/ Name: IDE
Value: AHWqTUnpxppbW4HJ6DAXcuB4DYLTM09cHuNhKldqX5nLKwL0emlss4yuxJy4uoLE67I
.mathtag.com/ Name: uuid
Value: 47d7623a-018d-4801-97fb-bf20fad58601
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: 13b918f3c4e6c332
.adform.net/ Name: C
Value: 1
.rlcdn.com/ Name: rlas3
Value: SIsF4uo4OaTSvorryI1VxztnjiWGNUlUyfxkSAwywyk=
.rlcdn.com/ Name: pxrc
Value: CI6D6JEGEgUI6AcQABIGCOndKhAA
.casalemedia.com/ Name: CMID
Value: YjoBjhvAXocsZHzZFRdRxwAA
.casalemedia.com/ Name: CMPS
Value: 3194
.casalemedia.com/ Name: CMPRO
Value: 1137
.agkn.com/ Name: ab
Value: 0001%3AlqM6zBvBvtDHTMCXHB7vM2ntu9rB6aSy
.agkn.com/ Name: u
Value: C|0CEApzL4OKcy-DgAAAAAAAQ13AQCAAQpAAAAAAA
.adform.net/ Name: uid
Value: 6967991161719458634
.adform.net/ Name: TPC
Value: 1647968654633
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.awin1.com/ Name: awpv14363
Value: 412871|1647968654|1a518790-aa02-11ec-a39e-223476ecdc8f
.awin1.com/ Name: AWSESS
Value: 359541:2480620
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 9E506267-3CF4-42DE-A8D6-0FA91E9F4090
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A_ygaS2ZXkd2i6gGZjmVJuc
.o2online.de/ Name: nscT485
Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTY3MDAwMDAwMDA2MTY0Nzk2ODY1NXZsZWExZGUyMDIyMDMyMjE4MDQxNTY2MDQ5Njc2MTE3WDExNzY3OVYxMjI2MTMyNzAyTVNvbmVpZFBKNEhCZkViYUp3NEM5SGpIYnRNdFBQeHVaVDlUa0dDcG9uZWlkX19hc3VpZE5oYkhTak11dlk5ZTBJbTA5UmJWc2VuMTdGeXVVOHlmYXN1aWRfX3N1aXRlX05ldG1peF9SZWFjaDQzX1RvcFJvdGFNb250aDExNzY3OQ
.o2online.de/ Name: nscQ485
Value: V
.o2online.de/ Name: webShopPV
Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117679_-HTLP&utm_term=AFF_la_117679_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2022032218041566049676117X117679V1226132702MSoneidPJ4HBfEbaJw4C9HjHbtMtPPxuZT9TkGCponeid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&wfid=117679&affiliateId=v01MTQyMTExMzExMTExMTExMTEwMTQyMTY3MDAwMDAwMDA2MTY0Nzk2ODY1NXZsZWExZGUyMDIyMDMyMjE4MDQxNTY2MDQ5Njc2MTE3WDExNzY3OVYxMjI2MTMyNzAyT
.blau.de/ Name: nscT486
Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTY4MDAwMDAwMDA2MTY0Nzk2ODY1NXZsZWExZGUyMDIyMDMyMjE4MDQxNTY2MDQ5Njc2MTExWDExNzY2M1YxMjI1MTMxMTA2TVNvbmVpZHBWRVUxZjhnZm1neDZha0g0SG10enRRUUtoZ1RSVDEyVUVvbmVpZF9fYXN1aWROaGJIU2pNdXZZOWUwSW0wOVJiVnNlbjE3Rnl1VTh5ZmFzdWlkX19zdWl0ZV9OZXRtaXhfUmVhY2g0M19Ub3BSb3RhTW9udGgxMTc2NjM
.blau.de/ Name: nscQ486
Value: V
.blau.de/ Name: webShopPV
Value: ?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_117663_-HTLP&utm_term=AFF_la_117663_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2022032218041566049676111X117663V1225131106MSoneidpVEU1f8gfmgx6akH4HmtztQQKhgTRT12UEoneid__asuidNhbHSjMuvY9e0Im09RbVsen17FyuU8yfasuid__suite_Netmix_Reach43_TopRotaMonth&wfid=117663
.adsrvr.org/ Name: TDID
Value: 07efa453-0fe4-4bae-a09b-a199ca5ac1e1
.advertising.com/ Name: APID
Value: UP1aa28ddf-aa02-11ec-b5ae-065f72b997e2
.quantserve.com/ Name: d
Value: ECEBDwHcJYEPisMA
.yahoo.com/ Name: A3
Value: d=AQABBI8BOmICEIoG-6X3yF3FBBOEb37ZcO0FEgEBAQFTO2JDYgAAAAAA_eMAAA&S=AQAAArDFp-StLxkQMxuuB_dzUmQ
.threatpost.com/ Name: cto_bundle
Value: VCciFl85dmVEaVdndyUyRjhUeFdJaXA1WEVselZOSnJMJTJGbmdpM05UV0xBOTRiSTdoWVRuMVRTWVZRTGdOJTJGS2NPblMzJTJCS2FadUZhWXEza0YxNGhkc1NRbWl6elFxS2tJT1JjQnlScEt4c3FsNnpzVERVZ05yMFZkdFRDbEQyMmF5RkUyZXRZ
.threatpost.com/ Name: cto_bidid
Value: iShgvF9CJTJGQU9Ea3RFUGZ4ZEJpTDVaOG54bzZIakE5WjRUdjd3alk4YnZzV0UxMGpiQkwlMkZZWE5OOHd1eUhOQ04zQmxmZnJta2VYTkNHWVlGRDFTM25BTFFqYkElM0QlM0Q
.openx.net/ Name: pd
Value: v2|1647968655.2|kiiygevNgun0.gqsLommOnsgi
.3lift.com/ Name: tluid
Value: 2957084612798566898816
.bidswitch.net/ Name: tuuid
Value: ab840884-0966-41c1-9fc9-f763e140d9eb
.bidswitch.net/ Name: c
Value: 1647968657
.bidswitch.net/ Name: tuuid_lu
Value: 1647968657
.w55c.net/ Name: wfivefivec
Value: G0YYzYXu1NwHVD5
.bing.com/ Name: MUID
Value: 2B9D3E72F838626720472F1DF9536324
.w55c.net/ Name: matchopenx
Value: 5
.servenobid.com/ Name: pid_312
Value: 2379099401653619541
.servenobid.com/ Name: pid_337
Value: y-C7sD4utE2uEL7KkZ0eLoQPfscVlE_CPrw92EZNA-~A
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.a-mo.net/ Name: amuid2
Value: 2b2f22e0-0f66-4031-8737-2f4fc4a7d227
.smartadserver.com/ Name: pid
Value: 5594089479071981643
.gumgum.com/ Name: vst
Value: e_fae981dc-1825-4da6-a9c8-6bc11c7b2691
.servenobid.com/ Name: pid_310
Value: ac980dfa20325f43a9edd625
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAADslzmtoZmJuaWZhZmphYGwMABApZIoQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MrIwMjM0sbQwMxLiM9QNSUozCXF3LPMPDvAAAJj2-kslAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MrIwMjM0sbQwMxLiM9QNSUozCXF3LPMPDvCQ4jU0MzG3NLMwM7UwMDYGAKUqsP40AAAA
.servenobid.com/ Name: pid_327
Value: 2b2f22e0-0f66-4031-8737-2f4fc4a7d227
.servenobid.com/ Name: pid_333
Value: YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB
.servenobid.com/ Name: pid_317
Value: 5594089479071981643
.servenobid.com/ Name: pid_324
Value: 5108559722826149862
.servenobid.com/ Name: pid_309
Value: e_fae981dc-1825-4da6-a9c8-6bc11c7b2691
.adsrvr.org/ Name: TDCPM
Value: CAEYASABKAIyCwj8k-q3l4zGOhAFOAFaBmd1bWd1bWAC
.analytics.yahoo.com/ Name: IDSYNC
Value: "1776~23wh:187s~23wh:196n~23wh:17ot~23wh"
.casalemedia.com/ Name: CMST
Value: YjoBjmI6AZIA
.zemanta.com/ Name: zuid
Value: tviPBarB3vcFY4f7kAcY
.smartadserver.com/ Name: csync
Value: 134:OB_OK
.360yield.com/ Name: tuuid
Value: 17db3b66-1339-4242-99a7-779b82d2c20d
.360yield.com/ Name: tuuid_lu
Value: 1647968658
.creativecdn.com/ Name: u
Value: STC3uhAydmuhAZQevQe1
.creativecdn.com/ Name: ts
Value: 1647968658
.go.sonobi.com/ Name: HAPLB5G
Value: s578|YjoBl
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.outbrain.com/ Name: obuid
Value: e8739d82-76dd-4681-887a-40e7e20beb4f
.casalemedia.com/ Name: CMRUM3
Value: 69623a019105a0&e6623a01912760&f1623a019105a0&2d623a01922760CAESEIeUElOF5gHpBtG1JBXzeqs&27623a01910b40&05623a019105a0&da623a01912760
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-128d67ff-a8de-46bc-7e85-c7c4dae501fe.xxRgpzrNwM4X907wvj31tJbeN3pmj7VyQcITNjgH5Q0
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AEo1n_6jeRrx-hcfE2uUB_lQTr7c.I0hl6drqk78JQSG%2BBF4mbxyCwYuMbxj6h%2FwCGDm7Pms
.ipredictive.com/ Name: cu
Value: 1c65c1c7-aa02-11ec-b3ae-b9599d422bef|1647968658473
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-e58fe6de-869a-4b38-99b1-f485e38bb1c8-003%22%2C%22zdxidn%22%3A%222069.26%22%2C%22nxtrdr%22%3A%22https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D%22%7D
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 488f382362cb9621

26 Console Messages

Source Level URL
Text
other warning URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686(Line 40)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://hal900028.redintelligence.net').
network error URL: https://id.rlcdn.com/709414.gif?gdpr=0
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_cver=1&google_push=AYg5qPJaNyee3Gbro3hWe3rxAeY_g9aiOaNd6qSYKZKa_r120C_KakrbQVRLsNcyiWEmgHPCPMy2iRwiJOE-xZ_qXNO9FiSTB44&google_gid=CAESEJkLEZtPw0tnVRew374L2V4
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YjoBjhvAXocsZHzZFRdRxwAABHEAAAAB&google_push=AYg5qPITHwFX3NOrCFpN9ZaqPh4_9Q9OeK3BXlr0RGh07x5-4_9M9e-kQ7Nh-z0D6lSY24W3-MWd9HWbqN6Rad7-h57Su3kVyE6o&google_gid=CAESEJkLEZtPw0tnVRew374L2V4&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/?es_id=3416c12156
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

048a6f26d92405f83648b837c96f4fc2.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad4m.at
ads.adaptv.advertising.com
ads.eu.criteo.com
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
as.ad4m.at
assets.ad4m.at
assets.threatpost.com
b1sync.zemanta.com
beacon-fra2.rubiconproject.com
bh.contextweb.com
bit.ly
btlr.sharethrough.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.ssp.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cat.nl.eu.criteo.com
cd.connatix.com
cdn.contentspread.net
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cms.quantserve.com
cookie-matching.mediarithmics.com
creativecdn.com
cs.emxdgt.com
csm.eu.criteo.net
d.adroll.com
d.agkn.com
dpm.demdex.net
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
g2.gumgum.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
googleads.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal900028.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
imasdk.googleapis.com
img.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.blau.de
partner.googleadservices.com
partner.o2online.de
pix.eu.criteo.net
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.everesttech.net
pixel.mathtag.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prod-rtb.ad4mat.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.nl.eu.criteo.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
s1.adform.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
snap.licdn.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static-de.ad4mat.net
static.ads-twitter.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
tags.mathtag.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
u.openx.net
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.lead-alliance.net
www.linkedin.com
www.telefonica-partner.de
x.bidswitch.net
cm.g.doubleclick.net
sync.1rx.io
104.108.144.200
104.108.144.214
104.108.145.8
104.111.219.144
104.111.239.217
104.244.42.131
104.244.42.5
104.90.192.27
108.128.215.255
124.146.215.50
13.107.43.14
13.248.245.213
134.209.129.254
138.201.63.165
142.250.181.226
142.250.185.130
142.250.185.230
145.40.89.200
15.188.95.229
150.136.156.92
151.101.130.137
151.101.194.137
151.101.2.49
164.132.158.126
165.227.252.242
178.162.133.148
178.162.133.149
178.250.0.157
178.250.0.162
178.250.2.135
178.250.2.148
18.156.195.47
18.159.83.65
18.184.198.122
18.184.26.136
18.195.155.181
18.195.201.245
18.195.249.59
18.66.109.174
18.66.139.84
185.183.112.148
185.184.8.65
185.29.132.242
185.29.134.244
185.64.189.112
185.85.15.31
185.86.137.121
185.86.139.114
192.82.242.209
193.0.160.128
199.232.136.157
2.18.233.201
205.185.216.42
209.54.180.3
213.19.147.42
213.19.147.44
216.52.2.19
216.52.2.39
23.37.38.181
23.37.42.132
2600:1901:0:76b9::
2600:9000:2250:f600:2:9275:3d40:93a1
2600:9000:2490:9000:0:5c46:4f40:93a1
2600:9000:2491:c00:6:44e3:f8c0:93a1
2602:803:c004:200::143
2602:803:c004:200::153
2606:4700:20::681a:71b
2606:4700:20::681a:ad1
2606:4700:20::ac43:4a81
2606:4700:20::ac43:4bf1
2606:4700:3031::6815:456d
2606:4700::6810:7aaf
2606:4700::6812:372
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:1ec:21::14
2620:1ec:48::44
2620:1ec:c11::200
2a00:1450:4001:802::2002
2a00:1450:4001:808::2001
2a00:1450:4001:810::2002
2a00:1450:4001:812::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::2006
2a00:1450:4001:829::200a
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c06::9c
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::1c
2a02:26f0:fb::5f65:58e0
2a05:d018:d29:3605:a6cd:bbc5:ba08:db41
3.124.87.92
3.126.56.137
3.132.161.168
34.242.212.194
34.248.191.66
34.250.158.219
34.98.64.218
35.173.160.135
35.227.252.103
35.244.174.68
37.157.2.249
37.157.3.28
37.157.6.246
37.252.172.45
37.252.173.27
38.91.45.7
46.105.202.126
46.4.41.145
51.195.5.232
51.89.9.251
52.200.175.154
52.213.251.128
52.215.175.9
52.223.40.198
52.29.1.115
52.49.96.153
52.95.126.160
54.159.94.231
54.171.186.191
54.216.63.116
54.234.50.35
54.72.57.179
54.87.192.123
64.140.160.2
64.202.112.63
67.199.248.10
67.202.105.24
69.173.144.138
69.173.144.165
69.173.151.100
70.42.32.159
74.214.196.131
78.46.85.162
79.125.50.68
84.200.5.215
85.114.131.234
88.99.165.19
000534b93b673a9f7011852121ebf219825ee163bc363e325cd186701ae8c2ea
0256c89fb00aecc8c1bab11c37e26c4d0d3a1b421b19f1301f439bc262f65687
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
03d9ae825dfa61ceff2101d4833b51d5ac5945416608781bbf77611f52808593
0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a76f8e1e50098918d8f52e400ae8d4b3ead04416b1e2d9d4931125f360ebbf4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bdedf4de67a788512b33af8e500efd5405c93774e2a6675826141539e177902
0bfedb04af9d9d5a5b3854e8d0b725055afc75cbd354233154419aabfef86182
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
107f31a9de321ef2dd1d88de16784e0c1b7f9e7172673c1b7048491142028345
109d746955fb2197e3107d5f7adefa3b07f9ffe5e039ef7344e8d60f73e44b33
1519e74bee985af48ce5e93e81b74e7093d6051c716833ed06264abbbdef89c2
159f3212e66e8f9ccb7d370ce7d1ce25d0db48d443fd05b3c8dba01bbca41da2
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
186248360142bef9529bc39ba77ee731901f8205fd07b71130be0b6ecc57d5ea
18723c0affc96643eb764a47d0beb6f0b00028759cac15d69b9b480ba8756866
18869b437725dc8f2fb681c69779c0842803f75d9ea3c3ade5f8adbe180368a3
1a269646d629d1fd1ceb7a14b095140b058d573222ceea941042fa2342de9b4a
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1b4a069b868106f39da94ddf6d6d2c8304b0110a70b97e5c747d30d43038b3ca
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d
1e8faae2a140d61541f0a6ab2f253a981e56ce2d03ab8c90e7fcc70398bb1921
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
231e1618b08aae5d9d5b3f092f085e33febe7384f7af9045be5b2249537a8998
25aeecc916b32c01cf4d37c7de9b6f9438f5e6cb67b97c33c7893cbbc719880c
28a8168af946fb062e331a3f3848657243206a4060a841dd6a69afd3a49d79c0
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e3e31715f10527d0363b739d9da4c196cad279ba07ef9fba7230d3f0c17f7c2
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
305b314447da6ffa4a2e1c102e41ac656be7b329d07eb49abb3eb70aac5f0a8e
313b821140699df9c1e7a43f1edbead2997932711913dbcb2eb72821b48888af
3179fba77f2b1d3278dc0545cb2aabef1953c6224e2bcf5f49dd2927b15ee451
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21
36d48b0e122a1698e9501ed19b684dbc79d0e754d3ce390183d9f21433fb82eb
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3a09ed3cebf7bca4c4bdfd98a02b1a4f52de2e1358c4ce912ccfca58bf2e3473
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
3fedf49c8893615a7660b7c258f8dcb34e730c1b63e251d3c97b30bac9367fb7
41a65d5276c8d1b2c5f16f1a833a45e0a4882516f806938c340b6a93fb7a25bf
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48f684b1c6a0f325b1267cc4eaa3deb616fee0fa45bb860ee8901a45010dfaa3
4d4138094a66166c74f098ef434d802977ae5edcfdc1817917681e27fc245604
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4df2735a9ad88a85c6ad203d1f1a2e677797e28afb4b4b4e540a32a6435db8da
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
5042f25c3eb1530880fa3b05325462c028492caf22141409999cdd7e6364b8ba
50604a203baaf1edd1b3d350c630499075965d87e6d6887728bab43b100b3713
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
5088414f9c14d5edb1807485a06097481409917ea4d1415edef8bdfbfbb3053d
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
52423131f99541e0a3cf300f660d657022ac546469ac4c6301ea91abf915a4c7
52cac1193a3683e35353723a38e01a9bcc0c5f9bf2be42d29c96905527c7923d
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a9e419219bd73c62f2a4bf2b8e33242551b41837fab5fa239992b39d4cfaad
5572b134dbd94f6c9a2a848ec54441904efbbe567c902610c7d83803d847aafa
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
586d278cacddc631e76c607d451977f7be7ec1186b890a153ba403ad0b36ada6
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
5dac1435bece8d11aac3600f01f8c4493a33efe86f9222649e1d18702200f1e3
5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6466791cf754e6da0d9d565e7bac368c4b3f769c50e9217e9fdd2f51ee64cc96
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
6633839a8fbf35935ae2364c63926d1978a4aca90130cba35cc0f9b9bbf5a7fb
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
691caac6f6dff7d861775fc681453b85395bdbc549aa1355e445d6acc5513436
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
730b744969336011e2a5861625a0a99d5a584aa7bd0752cacf3b2ae9ceae904d
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
73d48e5b77e6f9c20e969dedbd1b226f3904b843b532a3324297d145596e0564
7407dd4307d1c72e6ea9270e475e28e7d625a34609372de2318210de300bc1f0
78fb80c489d30f33e123785f2850d346a207eb2794e2fdd7e2b003cf362d2c18
792811a00eade422dc7f0b340a43724ad4577dd08b2887d63d1004706ede3acb
798f030b71236e3e0558470a585a697e360328ed6000f3ec35574e4cc373b6a2
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7ddcdb425051dbc349b91079fe450031f1c28e182aa24974ddfa20a92b4facbd
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7ee7be21d91af71ca9589c2044eb2f4666ac9f7427e73c6dea7d4d0d870b8af4
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
803d45d072549f3f0282de85c64772dc5d85807cc7e9099595b6853b601195ae
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8525db5c5cd8da3a6cf7bf41edd870e664b509a6ea9ccb1671837e4cac845c67
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
85fae6da7be6b2a4299638f9a7de6d7df6e1746186532465ef1c228faaf9a0bb
86ae68aea16cebbd7a8214dea5ee65c4316b52c4b231d4082f238c25f1be4064
86bb7e8315060a1db28a16e81984398ca1619a620e70d0127dae4cde64ca3d22
87b152a0737334cd1c36bb569e59bcebbfd836d745ddadddadaafb6e4e3b9fe2
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9003fef55e3576f4a0a0238398fe166e7ee41975e55dd3ba079066eea0fb291d
91afa3567aa884da17309a3ff01218ae433c620505a481368f7be1c67d811f5f
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
9310c3290722edb39dfc8e9065d9b52f8629a7d969e42868f0eac42b9b7edf3a
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9333cbc41ddd28fb91de26042e944b4ef267714050b7a8fa766b53c94cfcd367
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
959a32aa29a32e5580067baa9916638d03942863f257f008254d0a0379848359
974feb3b255709419aa9d75228aee116a3a57e4fec91ee42cdceea855b198530
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
99946091c7fac1b214395c8184a5528f35b657816e109f08269492755904602d
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a60524bc2a69ac0775f978a67d221fa8074a484e1733eb15b2aef2b17437b58
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b853de5258c4463d4c0326efe8a7523adb2705e0609e7a9dd33757d2c398812
9bb78cd215beb0a8c20a87ea7f2b3624f8511078172efef29596635603a44a43
9e3f824116bf1ec3acc0dd7c003055cfb201ab314633e5874a4c4df752bfa018
9f92debf1f188193097eb6cac698f1f2365d0e74edc4a3b8dde44a0ef87ad925
9fd852bccb255cff4e7127941e55802da997f77a45e91de2c22658e204714d3d
9fe6d16f4ad0b4d0a03a097114529029f15236e1997b9d076bd023ed3e2109a0
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c6db4b3bc25eee635355573d9cbd9be7e8f40b0f56f350eafa8a0f0c0213b5
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd94635d3d4e525be70a94dd02b05d50c11cacab7bd792b8fe44e7956c95dd6
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b0a82a5c72e1f243bd8bb09c65dc39341378c5baf5b3d8b7371ff58cdfaff319
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b2ca143af260276f80f6c9664e21857c44f745b6d06a62fd035d3e61729f6064
b3428e41fe5542b09a67df3642b7f1644ff146dc305bc1b02e561785ce6ce2cb
b4a961e9038c9208b716f476adaf003aa3e343a54a86e1ff28a6af4daec5dbbd
b78fe2d1ef3f12d09d47c22e86e61fe48ec8103c1a4bb54b46f39c53f47d9845
b7aaea908b866c1619b9bf156a002c22b717a771bf22d9a2965151f9cf969670
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb27930784fb481d87869b25fb27303ebfae88d69b220424b3168fd6f76cbca9
bb649525d38068d2573d0f579a48c10d8353c061f8600ceaec5eb5831e603205
bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f
bc09f410bee268466a27e0c698d45192d5f24b6f099fe434ca49d045690857e4
bc0d86e571cbeec18addc5cc8aff1d56fd8578c9b786d63959f5920d39a4a9ef
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
be086712f6cae12fd0f4a95cb6b1b2cb6c569bc504516ecc05eb3be71a757aca
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bf00b900c3cc8692e726772624db21f004d08605251e1cb84e716a48b3d0a7e3
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c25bf49c61f00bba07dbe379f040dcbf51b9eae7666da1843ca904340475faeb
c53d0656ecd4cf25ee7c34f78c8f5393cb2f58d5295aca093966082d4e5e2922
c793ce272ba6b491d266abacf96563ca2f88c4eaf594ef71ea63285e3e0e8184
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
c9d6a2a58b9c7f4ee284526ef182398d1686c5de84286fd58ae111b172d4d456
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc8bbf5ef793ba607a310a98f1b71958b6165a428013e71fcb25cdaba074847a
cd15fce4fea0424cb366fd9656840130ca1ed7fe60d4fd927e81da09c817efe0
cd3767c9daaaaf6b31ba6dd8821d1cf09594ffdddb05a60b81d960aa4e2f44e9
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d9497a4969d4b9f7ef88f6826a448db2639cc888b32b975798c541dcac895358
da470abd39b0139219d4c7d827c4c931f40dbc3d13183dc140d709aeca6be490
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
daeda32073fc7e2215fc40f3e14a49f734714cc5fdaf60e1e05c55012911b442
dba466c43a288cc89aa2166d63cd97219a544b6fadb70508323701819052dbb3
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dded8f8315bfa1c937330c6d23a5883248d37e189635b093e93e096e594ad5d9
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2b3dac20813dbe78bbb7660dc82b2d319f554f6633bef620a70df1fd17fa80a
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e59f556482cb44643fe3c40e1ba8616cf711bdcff74f045377ea6233c356c337
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea39dba2b498dfe4e18255e241acf246f9229c8deb54e5b2530cadb51a25bd58
eb4369fd4035cfcdb0909dfe5bd140d66231b1f4c6fab17c2b802a4edbf54449
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec30516a3fe9a182b66f4129bb2152acb2b0e49ccf040d46fdc622ea74f96097
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ed3e5be0acdbc20fe5841a6046856a2e2b6be961d7541534f0654c82487a5140
ed54c622898162bdb56dfb1bf5471c977b401a911a270ce95fd26299e33a6593
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f29b415b03edf0f023a6aec953bd860f0b4cd6621cff589e8e26ead15ea4c11b
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f3fb9a3c3e9feb0d4855d71ab7f9ec2f80003c83a714e5b74f96726b9c0ae8c7
f45fd1efa6863170bf04a86322ec937b1f3f5fe9ee13e8f0610fe815eb620493
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f613f6ee0f690f54eaac0aaf0848719bf61f6cf4cbc62e9fae71e13540d5b21d
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f953aa715cd5c236fc63ca2b6a4d41728b1fd5d6e3fcb787a3017350a353f9de
f966536fe730c95248acf14d5d804c423899cff991176a5c7b7e2d6df810878d
fec7809f7eaf8060a7b8ca2ad29a622f558d341527e5fc585ef4ac9c3344c19a
ff2748af686617f41cfcbeac491d5b816ab946d75a82f28a7da9a2f2525962f0