URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Submission: On March 22 via api from US — Scanned from DE

Summary

This website contacted 64 IPs in 8 countries across 52 domains to perform 438 HTTP transactions. The main IP is 2606:4700:20::681a:feb, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.threatminer.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 28th 2021. Valid for: a year.
This is the only time www.threatminer.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
27 2606:4700:20:... 13335 (CLOUDFLAR...)
11 2a00:1450:400... 15169 (GOOGLE)
7 2606:2800:234... 15133 (EDGECAST)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 21 172.66.41.9 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 199.232.192.134 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
15 2600:9000:205... 16509 (AMAZON-02)
4 151.101.0.134 54113 (FASTLY)
38 2a00:1450:400... 15169 (GOOGLE)
1 2 104.244.42.72 13414 (TWITTER)
2 199.232.196.64 54113 (FASTLY)
5 199.232.196.134 54113 (FASTLY)
2 142.250.181.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
3 8 2a00:1450:400... 15169 (GOOGLE)
32 2606:2800:134... 15133 (EDGECAST)
69 151.101.1.44 54113 (FASTLY)
1 67.202.105.33 32748 (STEADFAST)
2 6 184.30.20.241 16625 (AKAMAI-AS)
1 51.75.86.98 16276 (OVH)
4 4 198.47.127.18 62713 (AS-PUBMATIC)
4 5 142.250.186.34 15169 (GOOGLE)
1 1 185.64.189.110 62713 (AS-PUBMATIC)
2 2 198.47.127.20 3257 (GTT-BACKB...)
1 2 35.227.248.159 15169 (GOOGLE)
4 5 37.252.172.37 29990 (ASN-APPNEX)
1 34.98.64.218 15169 (GOOGLE)
3 3 3.126.56.137 16509 (AMAZON-02)
4 4 213.19.147.45 26120 (RHYTHMONE)
2 3 3.33.220.150 16509 (AMAZON-02)
1 1 50.31.142.223 23352 (SERVERCEN...)
1 178.162.133.149 60781 (LEASEWEB-...)
1 52.30.111.237 16509 (AMAZON-02)
1 174.137.133.49 27257 (WEBAIR-IN...)
2 2 99.80.176.170 16509 (AMAZON-02)
2 2 52.59.41.116 16509 (AMAZON-02)
1 38.27.122.101 174 (COGENT-174)
1 216.52.2.19 30282 (AS-INAPCD...)
1 1 193.0.160.128 54312 (ROCKETFUEL)
1 67.202.105.24 32748 (STEADFAST)
2 6 99.86.7.38 16509 (AMAZON-02)
1 2 209.54.180.144 16509 (AMAZON-02)
1 38.91.45.7 398989 (DEEPINTENT)
2 2 52.31.243.45 16509 (AMAZON-02)
1 1 34.111.151.213 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
44 2a00:1450:400... 15169 (GOOGLE)
1 2a02:2638:1::2 44788 (ASN-CRITE...)
3 2a02:2638:1::11 44788 (ASN-CRITE...)
2 2a02:2638::2 44788 (ASN-CRITE...)
4 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 199.232.194.49 54113 (FASTLY)
8 2606:2800:233... 15133 (EDGECAST)
2 2606:2800:233... 15133 (EDGECAST)
21 2a02:2638::3 44788 (ASN-CRITE...)
3 2600:9000:206... 16509 (AMAZON-02)
3 178.250.2.148 44788 (ASN-CRITE...)
7 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 37.157.2.239 198622 (ADFORM)
23 178.250.0.139 44788 (ASN-CRITE...)
4 178.250.2.150 44788 (ASN-CRITE...)
2 199.212.255.247 25948 (FHMNET)
3 199.232.192.64 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a04:4e42::300 54113 (FASTLY)
2 141.226.224.32 200478 (TABOOLA-AS)
438 64
Apex Domain
Subdomains
Transfer
73 taboola.com
cdn.taboola.com — Cisco Umbrella Rank: 971
trc.taboola.com — Cisco Umbrella Rank: 562
15.taboola.com — Cisco Umbrella Rank: 1773
images.taboola.com — Cisco Umbrella Rank: 1507
vidstat.taboola.com — Cisco Umbrella Rank: 1762
imprammp.taboola.com — Cisco Umbrella Rank: 11235
pips.taboola.com — Cisco Umbrella Rank: 1686
cds.taboola.com — Cisco Umbrella Rank: 997
4 MB
55 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 90
tpc.googlesyndication.com — Cisco Umbrella Rank: 122
580 KB
48 criteo.net
static.criteo.net — Cisco Umbrella Rank: 600
pix.eu.criteo.net — Cisco Umbrella Rank: 7328
csm.eu.criteo.net — Cisco Umbrella Rank: 7422
128 KB
42 twimg.com
cdn.syndication.twimg.com — Cisco Umbrella Rank: 1236
pbs.twimg.com — Cisco Umbrella Rank: 615
abs.twimg.com — Cisco Umbrella Rank: 1748
ton.twimg.com — Cisco Umbrella Rank: 5352
631 KB
42 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
cm.g.doubleclick.net — Cisco Umbrella Rank: 176
359 KB
27 threatminer.org
www.threatminer.org
1 MB
23 infolinks.com
resources.infolinks.com — Cisco Umbrella Rank: 7674
router.infolinks.com — Cisco Umbrella Rank: 2493
rt3001.infolinks.com — Cisco Umbrella Rank: 67491
node228.impressionssl.adshop.infolinks.com — Cisco Umbrella Rank: 445693
211 KB
16 disquscdn.com
c.disquscdn.com — Cisco Umbrella Rank: 3984
a.disquscdn.com — Cisco Umbrella Rank: 7871
552 KB
16 google.com
cse.google.com — Cisco Umbrella Rank: 2215
adservice.google.com — Cisco Umbrella Rank: 57
www.google.com — Cisco Umbrella Rank: 2
clients1.google.com — Cisco Umbrella Rank: 386
219 KB
15 disqus.com
threatminer.disqus.com
disqus.com — Cisco Umbrella Rank: 2684
tempest.services.disqus.com — Cisco Umbrella Rank: 12787
referrer.disqus.com — Cisco Umbrella Rank: 6134
reporting.services.disqus.com Failed
links.services.disqus.com — Cisco Umbrella Rank: 11671
85 KB
9 criteo.com
rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11348
ads.eu.criteo.com — Cisco Umbrella Rank: 7435
rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 12341
cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9430
170 KB
9 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 525
syndication.twitter.com — Cisco Umbrella Rank: 769
214 KB
8 gstatic.com
www.gstatic.com
fonts.gstatic.com
108 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 147
288 KB
7 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 343
137 KB
7 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 570
image2.pubmatic.com — Cisco Umbrella Rank: 774
image4.pubmatic.com — Cisco Umbrella Rank: 765
2 KB
6 googleapis.com
www.googleapis.com — Cisco Umbrella Rank: 29
imasdk.googleapis.com — Cisco Umbrella Rank: 399
fonts.googleapis.com — Cisco Umbrella Rank: 35
128 KB
6 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 125
4 KB
6 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496
dsum.casalemedia.com — Cisco Umbrella Rank: 1197
7 KB
5 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 205
4 KB
3 imrworldwide.com
secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1442
2 KB
3 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 293
1 KB
3 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 491
2 KB
3 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 268
1 KB
2 viglink.com
cdn.viglink.com — Cisco Umbrella Rank: 4105
531 B
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 462
1 KB
2 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 260
1 KB
2 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 307
674 B
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 630
648 B
2 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 365
890 B
2 google.de
adservice.google.de — Cisco Umbrella Rank: 8832
914 B
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 716
855 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 246
24 KB
1 seadform.net
track.seadform.net — Cisco Umbrella Rank: 97249
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1624
318 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 813
44 B
1 33across.com
ssc-cms.33across.com — Cisco Umbrella Rank: 807
72 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 631
755 B
1 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 594
277 B
1 bnmla.com
match.bnmla.com — Cisco Umbrella Rank: 1498
112 B
1 adkernel.com
dsp.adkernel.com — Cisco Umbrella Rank: 3771
233 B
1 cpx.to
s.cpx.to — Cisco Umbrella Rank: 1700
945 B
1 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 843
474 B
1 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 528
288 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 829
475 B
1 openx.net
u.openx.net — Cisco Umbrella Rank: 621
305 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 797
814 B
1 tynt.com
de.tynt.com — Cisco Umbrella Rank: 1136
289 B
1 licensebuttons.net
licensebuttons.net — Cisco Umbrella Rank: 19955
1 KB
1 creativecommons.org
i.creativecommons.org — Cisco Umbrella Rank: 21462
314 B
0 inmobi.com Failed
sync.inmobi.com Failed
438 52
Domain Requested by
44 tpc.googlesyndication.com googleads.g.doubleclick.net
www.threatminer.org
tpc.googlesyndication.com
37 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
31 pbs.twimg.com www.threatminer.org
platform.twitter.com
29 images.taboola.com www.threatminer.org
cdn.taboola.com
vidstat.taboola.com
27 www.threatminer.org www.threatminer.org
23 pix.eu.criteo.net ads.eu.criteo.com
www.threatminer.org
21 static.criteo.net ads.eu.criteo.com
17 cdn.taboola.com www.threatminer.org
cdn.taboola.com
15 c.disquscdn.com threatminer.disqus.com
disqus.com
c.disquscdn.com
14 router.infolinks.com 1 redirects resources.infolinks.com
router.infolinks.com
ssum-sec.casalemedia.com
11 pagead2.googlesyndication.com www.threatminer.org
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
tpc.googlesyndication.com
8 vidstat.taboola.com cdn.taboola.com
vidstat.taboola.com
8 abs.twimg.com www.threatminer.org
platform.twitter.com
8 www.googletagservices.com googleads.g.doubleclick.net
8 www.google.com 3 redirects cse.google.com
www.google.com
www.threatminer.org
7 cdn.ampproject.org googleads.g.doubleclick.net
pagead2.googlesyndication.com
7 platform.twitter.com www.threatminer.org
platform.twitter.com
6 15.taboola.com cdn.taboola.com
6 www.gstatic.com googleads.g.doubleclick.net
6 sb.scorecardresearch.com 2 redirects cdn.taboola.com
www.threatminer.org
5 trc.taboola.com cdn.taboola.com
www.threatminer.org
5 ib.adnxs.com 4 redirects ssum-sec.casalemedia.com
5 cm.g.doubleclick.net 4 redirects ssum-sec.casalemedia.com
5 referrer.disqus.com www.threatminer.org
5 cse.google.com www.threatminer.org
www.google.com
cse.google.com
4 imprammp.taboola.com www.threatminer.org
4 csm.eu.criteo.net ads.eu.criteo.com
4 fonts.googleapis.com googleads.g.doubleclick.net
4 image8.pubmatic.com 4 redirects
4 disqus.com threatminer.disqus.com
c.disquscdn.com
4 resources.infolinks.com www.threatminer.org
resources.infolinks.com
3 links.services.disqus.com c.disquscdn.com
www.threatminer.org
3 cat.nl.eu.criteo.com ads.eu.criteo.com
3 secure-gl.imrworldwide.com ads.eu.criteo.com
3 ads.eu.criteo.com googleads.g.doubleclick.net
3 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
3 match.adsrvr.org 2 redirects ssum-sec.casalemedia.com
3 sync.1rx.io 3 redirects
3 ups.analytics.yahoo.com 3 redirects
3 rt3001.infolinks.com resources.infolinks.com
www.threatminer.org
2 cds.taboola.com cdn.taboola.com
2 pips.taboola.com cdn.taboola.com
2 node228.impressionssl.adshop.infolinks.com www.threatminer.org
blank
2 fonts.gstatic.com fonts.googleapis.com
2 cdn.viglink.com www.threatminer.org
2 ton.twimg.com platform.twitter.com
2 rtb.fr.eu.criteo.com googleads.g.doubleclick.net
2 match.prod.bidr.io 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 pixel.advertising.com 2 redirects
2 ad.360yield.com 2 redirects
2 pixel.tapad.com 1 redirects router.infolinks.com
2 image4.pubmatic.com 2 redirects
2 ssum-sec.casalemedia.com 1 redirects router.infolinks.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 partner.googleadservices.com pagead2.googlesyndication.com
cse.google.com
2 tempest.services.disqus.com threatminer.disqus.com
2 syndication.twitter.com 1 redirects platform.twitter.com
2 www.google-analytics.com www.threatminer.org
www.google-analytics.com
1 s0.2mdn.net tpc.googlesyndication.com
1 track.seadform.net googleads.g.doubleclick.net
1 a.disquscdn.com www.threatminer.org
1 rtb.nl.eu.criteo.com googleads.g.doubleclick.net
1 imasdk.googleapis.com resources.infolinks.com
1 clients1.google.com www.threatminer.org
1 www.googleapis.com www.threatminer.org
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 dmp.brand-display.com 1 redirects
1 match.deepintent.com ssum-sec.casalemedia.com
1 ssc-cms.33across.com router.infolinks.com
1 p.rfihub.com 1 redirects
1 ap.lijit.com router.infolinks.com
1 match.bnmla.com router.infolinks.com
1 dsp.adkernel.com router.infolinks.com
1 s.cpx.to router.infolinks.com
1 sync.go.sonobi.com router.infolinks.com
1 b1sync.zemanta.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 u.openx.net router.infolinks.com
1 image2.pubmatic.com 1 redirects
1 onetag-sys.com router.infolinks.com
1 de.tynt.com router.infolinks.com
1 cdn.syndication.twimg.com platform.twitter.com
1 threatminer.disqus.com www.threatminer.org
1 licensebuttons.net www.threatminer.org
1 i.creativecommons.org 1 redirects
0 sync.inmobi.com Failed router.infolinks.com
0 reporting.services.disqus.com Failed www.threatminer.org
438 89
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-06-28 -
2022-06-27
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-10-19
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA
2020-04-20 -
2022-05-09
2 years crt.sh
*.google.com
GTS CA 1C3
2022-03-17 -
2022-06-09
3 months crt.sh
a.disquscdn.com
Amazon
2021-10-31 -
2022-11-28
a year crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.services.disqus.com
GlobalSign Atlas R3 DV TLS CA 2022 Q1
2022-01-31 -
2023-03-04
a year crt.sh
*.googleadservices.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
*.google.de
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
www.google.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2021-11-28 -
2022-12-29
a year crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2021-12-12 -
2022-12-13
a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-10 -
2023-01-03
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2021-07-08 -
2022-08-08
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2021-12-08 -
2023-01-09
a year crt.sh
*.adkernel.com
AlphaSSL CA - SHA256 - G2
2021-12-30 -
2023-01-31
a year crt.sh
*.bnmla.com
Go Daddy Secure Certificate Authority - G2
2021-12-30 -
2023-01-31
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2021-03-11 -
2022-04-12
a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
*.scorecardresearch.com
Amazon
2022-01-29 -
2023-02-27
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2022-02-11 -
2023-03-14
a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2
2020-04-09 -
2022-06-08
2 years crt.sh
upload.video.google.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
*.nl.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-15 -
2022-06-13
3 months crt.sh
*.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-19 -
2022-06-18
3 months crt.sh
*.fr.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-13 -
2022-06-09
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
*.disquscdn.com
GlobalSign Atlas R3 DV TLS CA H2 2021
2022-01-03 -
2023-02-04
a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-02-02 -
2022-05-03
3 months crt.sh
*.imrworldwide.com
DigiCert TLS RSA SHA256 2020 CA1
2022-01-04 -
2023-02-03
a year crt.sh
misc-sni.google.com
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh
ssl1029306.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2021-07-12 -
2022-06-30
a year crt.sh
*.seadform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-11-04
a year crt.sh
*.eu.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-02-03 -
2022-05-02
3 months crt.sh
node228.impressionssl.adshop.infolinks.com
R3
2022-01-10 -
2022-04-10
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-02-28 -
2022-05-23
3 months crt.sh

This page contains 41 frames:

Primary Page: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Frame ID: 2A8297841E00AFB8D53FEFD9CD620979
Requests: 94 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a58e82e150afc25eb5372dd55a98b778.html?origin=https%3A%2F%2Fwww.threatminer.org
Frame ID: EF41ED859B93712907EF61B74BE00660
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20190131/zrt_lookup.html
Frame ID: 138F5482221E986751BFB2A9138207A8
Requests: 1 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Frame ID: A2EC5A7C2155157A081FFA7255E36D4B
Requests: 19 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Frame ID: C7EAA27ABA5816A18D3BE7D2A36FD4EE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Frame ID: 096837B9F379BDED5DDAC46BDBD93193
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Frame ID: 85FF84BC32011BAF77AF64379F2F907A
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Frame ID: 06F3A0199971338FA7543EF9F005815B
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Frame ID: E2E71165E7CAF487D6EC5A03E77249C5
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Frame ID: 7115C79D96C3A8C6AA5629530E3AB886
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Frame ID: FCA7BA19DD8E53577FF8AD11CD7B5ECC
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Frame ID: 1B9997361998BB7AC3775C512F99D17E
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1647958790&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790519&bpp=1&bdt=406&idt=188&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200%2C1182x591&nras=1&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=8&uci=a!8&fsb=1&dtd=197
Frame ID: 75AC7ADD5C45DCEC4CBDC762FA124198
Requests: 1 HTTP requests in this frame

Frame: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22bottom%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-b&position=bottom&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790766
Frame ID: 548E6A3B5920C9AF5E4E362137F8B658
Requests: 38 HTTP requests in this frame

Frame: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790775
Frame ID: 725C967AEB96A93050EC3D46E329AB04
Requests: 33 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: A3B7A581482E119330090BEFD3C5C0D8
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 08A2228EA0A7B4553611CF64319B5433
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: 06B8C833D2E4F93B725A94D259334223
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Frame ID: E41AF19BC53E31740F49A55D0D1FC43E
Requests: 18 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Frame ID: 648B2847B37EBE90CFBFB312C685AF55
Requests: 21 HTTP requests in this frame

Frame: https://cse.google.com/cse_v2/ads?adsafe=low&pcsa=true&cx=009665096751685288782%3Ao6_z_tmwsge&client=google-coop&q=56e008e903a7e3a3b98e19f313435afe&r=m&hl=en&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300842%2C17300953%2C17300955&format=p4&ad=p4&nocache=5101647958791233&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1647958791234&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=3840&frm=0&uio=-&qup=1&jsid=csa&jsv=12411&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%23gsc.tab%3D0%26gsc.q%3D56e008e903a7e3a3b98e19f313435afe%26gsc.page%3D1
Frame ID: 2FCE71D5F1D863303799149259F2A5B9
Requests: 2 HTTP requests in this frame

Frame: https://pbs.twimg.com/card_img/1503869678833311745/j5FK-xqV?format=png&name=800x419
Frame ID: 6ACCD96869E1E4079A1E70B1B3B0FE24
Requests: 41 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Frame ID: 24A78316E0E32B04666F58D0E0D4B6CC
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9C28080C03A2198F642548BE845FD4D5
Requests: 2 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: A53A8A072B2DD763EF3025359BF8B633
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: C32FC9C9DCEDEBCB08845444C2C04F5B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Frame ID: 0746CAAC18708576F144A15E84EF3DCB
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=44759F818E51156803581966320&cicmp=1337627&cijs=1&dast=V7peoCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHDTarZYz4mK4Yi0Wq9lwMFmsJsvdbjbbDJYwMYvFYjRcrUZjzWKxGE1mq-EUDLbwOd3dbeBA0-nwue71ut_vLjpaXg7T22l3We56y88vBwAAAIAHAKKWaIgd34b2CAAAAAAJnpFrBYqAin8LgQsAAAAADAACsXANACiOAvYb7S5_AAA8KIAAAAhghAAcgk-IAAAAAIwAAAAAkAAIJBaWADjcLZoAAAT8xf5XwpwAAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAHwMgSwM-LLLFaoTFUAWMQIAAADIrd4kPZrUCZVF1f___78VwBUAQMBf7H_lUdbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAE4ISfkwLYkCxV-MZuVZY-wUEAGB7NwCANwG4mAOwAwAAALj7____zwMAAFDao2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J5HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6Ro0WCyGo0mi8lwNZqsZsvFbrdBilatZqPNYLiaTWa73Wo4GC5HI5ywxWg1mWyWw9lyMRkMR8PRaIgHVefS-bw6FQ_m43Luaxc-PsRwNZcsNnPFajVXzEarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
Frame ID: 52E611CBD069E08DDE59BD30CC76D42C
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=ECABE043CF1215893371463688933&cicmp=1337627&cijs=1&dast=V7dHsCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHcVhUFiE0WZDY0wWq-Fys5ktRoPJbDKabUZLmJjFYjEarlajsWaxWIwms9VwCgZb-Jzu7jZwoOl0-Fz3et3vdxcdLS-H6e20uyx3veXnlwMAAADAAwBRSzTEjm9DewQAAACABM_ItQJFQMW_hcAFAAAAAAYAgVi4BgAURwH7jXaXPwAAHhRAAAAEMEIADsEVRAAAAABGAAAAAEgABBILSwAc7hZNAAAC_mL_K51OAAAADupknrZZ_v___2MA8t6bZAAo0jZuDHoAHnwAHoQAAAA-hoi5Z63cwRQLiQpUixgBAAAA5FZvkh5N6oTKour____fCuAKACDgL_a_Mi3r5qSYNQwAAABgbIEeFr_f7LBr_G6X_f________-b_Z8BoAlBCT-mBTGg2KvxjFwrrP0CAgCwvRsAwJsAXMwB2AEAAADc_f___-cBAAAI7VGyvVbj2aOs9xls4XO6u-s3YYvRajLZLIez5WIyGI6Go9H-BHI5wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDTEg6pz6XxenYoH83E597ULHx9iuJpLFpu5YrWaK2ajVQIAAAAAAAAAWMKUeRMAAACA0yBms8lut-LGmz0TxFqtljUAAAAAt27kAA!&excid=22&tst=1&docw=0&cs=false
Frame ID: E1564C8DC121BBAECA5FF52549075790
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=B02133C1FC1226639681602768572&cicmp=1337627&cijs=1&dast=V7dvoCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHEKYLDabDWPGYUwms9lmOdvtFsvNajRZjpYwMYvFYjRcrUZjzWKxGE1mq-EUDLbwOd3dbeBA0-nwue71ut_vLjpaXg7T22l3We56y88vBwAAAIAHAKKWaIgd34b2CAAAAAAJnpFrBYqAin8LgQsAAAAADAACsXANACiOAvYb7S5_AAA8KIAAAAhghAAcgk-IAAAAAIwAAAAAkAAIJBaWADjcLZoAAAT8xf5XwpwAAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAHwM-cKS_njPqT8TFYgWMQIAAADIrd4kPZrUCZVF1f___78VwBUAQMBf7H9lUNbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAE4ISfkwLYkCxV-MZuVZY-wUEAGB7NwCANwG4mAOwAwAAALj7____zwMAANDYo2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J5HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6Ro0WCyGo0mi8lwNZqsZsvFbrdBilatZqPNYLiaTWa73Wo4GC5HI5ywxWg1mWyWw9lyMRkMR8PRaIgHVefS-bw6FQ_m43Luaxc-PsRwNZcsNnPFajVXzEarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
Frame ID: CC202BDC8F9722E0742D6683F17C5BB1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Frame ID: D19A92173703AEBE29BDF56B61D208A9
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Frame ID: E9DB3D8602FA6F6E12814C8C5CB90926
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Frame ID: 039B6534EFCA77D8A2EC3A11E296E2BB
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=ECABE043CF121589451524359636&cicmp=1337627&cijs=1&dast=V7oWYCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHcVhUFiE0WZDY0wWq-FytBosZsPBZLUcrFZLmJjFYjEarlajsWaxWIwms9VwCgZb-Jzu7jZwoOl0-Fz3et3vdxcdLS-H6e20uyx3veXnlwMAAADAAwBRSzTEjm9DewQAAACABM_ItQJFQMW_hcAFAAAAAAYAgVi4BgAURwH7jXaXPwAAHhRAAAAEMEIADsFRRAAAAABGAAAAAEgABBILSwAc7hZNAAAC_mL_K2dPAAAADupknrZZ_v___2MA8t6bZAAo0jZuDHoAHnwAHoQAAAA-hqQ3G9idfCFqiApUixgBAAAA5FZvkh5N6oTKour____fCuAKACDgL_a_Mjjr5qSYNQwAAABgbIEeFr_f7LBr_G6X_f________-b_Z8BoAlBCT-mBTGg2KvxjFwrrP0CAgCwvRsAwJsAXMwB2AEAAADc_f___-cBAACE7VGyvVbj2aOs9xls4XO6u-s3YYvRajLZLIez5WIyGI6Go9H-BHI5wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDTEg6pz6XxenYoH83E597ULHx9iuJpLFpu5YrWaK2ajVQIAAAAAAAAAWMKUeRMAAACA0yBms8lut-LGmz0TxFqtljUAAAAAt27kAA!&excid=22&tst=1&docw=0&cs=false
Frame ID: A0C3AA5ED056A5A22E4CF696CB1EDAF2
Requests: 1 HTTP requests in this frame

Frame: https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1415704777&agy=414981&aid=637313&cid=640282&gid=643746&id=643752&st=1647958792&kwid=0&skw=license&sid=3241790_0&sip=3117783808&pid=15&tid=2&mime=image/png&dev=0&mtyp=502&agtyp=0&rid=3c640820-1335-4f96-93da-56f35757e8b9&idfa=&gaid=&site_cat=5
Frame ID: EFA440C368DD9CDC0A2CE10AE9A746F2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Frame ID: FC2154CDF553EF9CCEF901C2AB697840
Requests: 17 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: AD2B8E6EF78400E390DA51A2F234FC06
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 903A161E9FFA3A72CEFF5734BFF07749
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 878B7796ED887531AB3603137EBD61B9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Frame ID: 465739E7E1F6C11F2F2CF09A2FAD15D6
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: D638E27B173EDBF74DE5B81207398778
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

56e008e903a7e3a3b98e19f313435afe Malware Analysis Results | ThreatMiner.orgsearchsearch

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • dataTables.*\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

438
Requests

95 %
HTTPS

41 %
IPv6

52
Domains

89
Subdomains

64
IPs

8
Countries

9529 kB
Transfer

18541 kB
Size

56
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://i.creativecommons.org/l/by/4.0/80x15.png HTTP 301
  • https://licensebuttons.net/l/by/4.0/80x15.png
Request Chain 75
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Request Chain 77
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEI3NjdBNDYtNTA2MS00QUZGLTgwQzUtOUJGNjdDMUNFQTk2&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEI3NjdBNDYtNTA2MS00QUZGLTgwQzUtOUJGNjdDMUNFQTk2&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D8B767A46-5061-4AFF-80C5-9BF67C1CEA96 HTTP 302
  • https://router.infolinks.com/dyn/pbm-usync?uid=8B767A46-5061-4AFF-80C5-9BF67C1CEA96 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3356&partner_device_id=8B767A46-5061-4AFF-80C5-9BF67C1CEA96 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3356&partner_device_id=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
Request Chain 78
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
  • https://router.infolinks.com/dyn/apn-usync?user_id=2843408346336645752
Request Chain 80
  • https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
  • https://router.infolinks.com/dyn/VR-usync?uid=y-kNpO2QxE2uGKC2x9nFN8X4Ste.riUF8Ew15h9Oo-~A
Request Chain 81
  • https://sync.1rx.io/usersync2/infolinks HTTP 302
  • https://sync.1rx.io/usersync2/infolinks?zcc=1&cb=1647958791321 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1250940294 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1250940294 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/2ba16ead-3562-48a7-81d7-cfa46fe93e17 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-55f5cc61-5e33-4350-845d-8732829256fd-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-55f5cc61-5e33-4350-845d-8732829256fd-003 HTTP 302
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-55f5cc61-5e33-4350-845d-8732829256fd-003
Request Chain 82
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
  • https://router.infolinks.com/dyn/zmn-usync?uid=
Request Chain 84
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.threatminer.org%252Fsample.php%253Fq%253D56e008e903a7e3a3b98e19f313435afe&pid=12306&adnxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.threatminer.org%25252Fsample.php%25253Fq%25253D56e008e903a7e3a3b98e19f313435afe%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&pid=12306&adnxs_uid=2843408346336645752
Request Chain 86
  • https://ad.360yield.com/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fimd-usync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531 HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fimd-usync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531 HTTP 302
  • https://router.infolinks.com/dyn/imd-usync?user_id=92a6f32d-36da-44dc-87a9-9edb1dba7fe8&partner_id=1531
Request Chain 87
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP22de5ea8-a9eb-11ec-8372-02e24adefb4c HTTP 302
  • https://router.infolinks.com/dyn/outh-usync?uid=y-xfH7ugBE2uG1NOdTrho4IENi3HgFJwtj~A~UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
Request Chain 90
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D8B767A46-5061-4AFF-80C5-9BF67C1CEA96 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
Request Chain 91
  • https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
  • https://router.infolinks.com/dyn/zeta-usync?uid=5131077720956860077
Request Chain 104
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YjnbBjS4PehpXSLSwhYw9AAA HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YjnbBjS4PehpXSLSwhYw9AAA&google_tc= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNUYob_wfPu8I9puuAeWFU&google_cver=1&gdpr=1
Request Chain 106
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB&dcc=t
Request Chain 109
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1 HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACXR07Ec7YAADH5JbgpTg&expiration=1649168391&gdpr=1
Request Chain 110
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=6f272d75-955e-dd6c-c2975258
Request Chain 118
  • https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1647958791015&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791015&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
Request Chain 119
  • https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1647958791016&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791016&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
Request Chain 346
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 444
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 445
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 447
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html

438 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sample.php
www.threatminer.org/
25 KB
7 KB
Document
General
Full URL
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afa4429500bc68b1b9c5cc6e07075cf1bcdeb46c80643c17d928f4cea193961e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-type
text/html; charset=UTF-8
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTvte5r%2F%2FedJecN6p9SHRBWHRjavPRdn6pDrmY9c2AeulovdureIuSkblku64rG%2BNVS4grJ74NVAmEgcsTpFiMK9xEl%2FFS82ZwynS5t8l5q0bQI%2BgG7CEOCYJLy14anduCqfvnflI1EzJhPWnKLj3vA%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6eff9085ed32692d-FRA
content-encoding
br
bootstrap.min.css
www.threatminer.org/bower_components/bootstrap/dist/css/
115 KB
20 KB
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/bootstrap/dist/css/bootstrap.min.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
5933
etag
W/"1ca39-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVvlDN0yP%2FH3ryUN3ge5Ha22aDLvlpwdiES60eZ2ufarqC8s%2FKfvhiSrRl3ZyntplyJe5cpfNjew0348A2BC0Ikd2T%2B8nRiV9UKZjevrjg25XFfOgB4KZyO9qhwunPETm7NHNIEM3VJlafvS4ai%2BhnE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff90865e60692d-FRA
metisMenu.min.css
www.threatminer.org/bower_components/metisMenu/dist/
781 B
707 B
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
5933
etag
W/"30d-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2BlzsQLaGaBvrLvOvadj4GUYvOu1wA1Mk%2BcMa2x0s2Cp%2FPOkfrnkQYtIA4VHoxYs4Rfv8mvV%2BwVkn%2BvzKzY16zvruglm3rebbI%2BNV9bQ0TnuvtG5QeuYIkTLuIFUhysIe8e7cvYeBp9s3XqKkJ1Ig5A%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff90865e61692d-FRA
dataTables.bootstrap.css
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fac55d188233bffb66023997fcdf69c38df2f62ee4654ad62c61a85b6e81d705

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4514
cf-polished
origSize=7616
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
etag
W/"1dc0-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FRWf7uUN3KjbelDYKKQeHj4Xjm1iYnAwTQPvf%2FQgNlT2Sh5dvwva08UJnkCUba%2B8ZgE916PVq74Kir3A9C5RwyNwlb8piXu5Bqvtp7R%2FdAvO%2Bn5cCFd7jeN1YT0gX8FKI2bTv%2BgLEKZPSjnQrc3G1sk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
cf-ray
6eff90865e62692d-FRA
cf-bgj
minify
dataTables.responsive.css
www.threatminer.org/bower_components/datatables-responsive/css/
3 KB
876 B
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/datatables-responsive/css/dataTables.responsive.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4514
cf-polished
origSize=3051
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
etag
W/"beb-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rqCB%2Fpwb%2F69AZr5%2BTTv0Rvle4nobVcNioxAzeQxFgy%2BKZKkpVduy5XiuijWwofiyrW65oolU8fxEJSqrDKpgvcfekx7CcRZJDxxvxvJIJfV4KTVcSjHhx3vm5S1uqsIeDuBYzxJYaooOrB5yVKv%2FBuQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
cf-ray
6eff90865e63692d-FRA
cf-bgj
minify
buttons.dataTables.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.dataTables.min.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 13:08:48 GMT
server
cloudflare
age
4514
etag
W/"1f58-54e761fab9800-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxORHuV86kXU5uuGvnVb6weJo3M9CejGPLcO675JXmSvju8BoZt25%2BVQYKJomc%2Bhg9zGOJTL0ZIwMIF83W9Xu%2FA4qOiK3TBjZEwuccu9uyeVF6EGH5Bs77zobw%2F1HlYvwNkP7Rv4G%2Fg4j6H8OIXVbp0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff90865e65692d-FRA
buttons.bootstrap.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/
2 KB
919 B
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.bootstrap.min.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 13:02:52 GMT
server
cloudflare
age
4514
etag
W/"626-54e760a737700-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=maPUodliTISCr5rAU4UPr%2BxjAZCUCB4IgYPm09pqlW%2BW8pIhIdyBaNZOHfh9te3ld6VwGNYMQHODPesio2NLTbCzi0FcG0DvgsjK9XNpBwQMI8BU7nUHgLKcowI25VTdJUKWaiDup%2Bvz35F6VDnJeWk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff90865e66692d-FRA
sb-admin-2.css
www.threatminer.org/dist/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.threatminer.org/dist/css/sb-admin-2.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50d6e541020cbfdddf888aa2c42ad1c8d2296f9045709983354441032e2eb55d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4514
cf-polished
origSize=5638
last-modified
Sat, 02 Jan 2021 17:59:17 GMT
server
cloudflare
etag
W/"1606-5b7ee9d93cc8e-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qu2kvGo%2BoqDcHq4YPp68MSBmS2ERI9ZyHPlDr342frrc2wldL8JohndqXreQyvQJ3Zwry6Cgb5mxe6dkqj84mgLg32GmKZgqkCOewGa8%2FcWM%2FAZrM55pzWPiLvPnI8frhspENZ1FESuX53SeowD1Uj0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
cf-ray
6eff90865e67692d-FRA
cf-bgj
minify
font-awesome.min.css
www.threatminer.org/bower_components/font-awesome/css/
21 KB
5 KB
Stylesheet
General
Full URL
https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
4514
etag
W/"55e0-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yH27yJYZzcaAcj7NyEgIohrMDfaJhf6a7QP2c3rUzexWDVav9NIjdirPObAoHw0PcuYiReXNQdW9eAechMoEESpSNdmMQSwc3ovBB%2F8P8vKOBlrjnwd2VYWHwJCMmGtuFBTJyBvEE6CxYvGq1ls0CJg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff90865e69692d-FRA
social-share-kit.css
www.threatminer.org/dist/css/
12 KB
3 KB
Stylesheet
General
Full URL
https://www.threatminer.org/dist/css/social-share-kit.css
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4514
cf-polished
origSize=12273
last-modified
Fri, 16 Dec 2016 10:13:34 GMT
server
cloudflare
etag
W/"2ff1-543c3d291af80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UemhGikWOBx4LWy8XcgpjSHw95o%2FJ8ysAp5Xx2ldKSttk6f94yTwkLyo2EUWGmfUvEiz%2Ft9s7p2%2Bi71DqbpwTSv4W1E2PIdzCK2YAu5GzFk86dV8Gavz%2BcHgbi2%2BdavIGVmgsWEjHJl%2B7d2W8alVohk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=86400
cf-ray
6eff90865e6b692d-FRA
cf-bgj
minify
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
157 KB
54 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
acba8956287ec74ba144c311b37acd17330423a5e9449a8f12ddefe839af3079
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54904
x-xss-protection
0
server
cafe
etag
4773210964264465484
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 14:19:50 GMT
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67AA) /
Resource Hash
c9a35e6a04a65ef59009f7f48fda051d802dea8c7814533ba432b6477410c9b0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Encoding
gzip
Age
154
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Content-Length
29178
x-tw-cdn
VZ
Last-Modified
Wed, 16 Feb 2022 18:46:17 GMT
Server
ECS (frb/67AA)
Etag
"f7f936f48944db7f829585c4368f33ae+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
ajax-loader.gif
www.threatminer.org/images/
3 KB
3 KB
Image
General
Full URL
https://www.threatminer.org/images/ajax-loader.gif
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4514
cf-polished
origSize=2608
content-length
2599
last-modified
Sat, 17 Oct 2015 00:26:24 GMT
server
cloudflare
etag
"a30-52241f64ccc00"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5KvkFjlGEHzlO%2FNCEa3lCyy1GXOMdpG38N3ENdRQxI%2FaIXPvIkR2daq3hV9N3q5P145H7IDpBhjPs7i0K1zyv%2Fc3rBAc65MfFbrFJ3avOIYbK3ae9JoGSi1qBsdBrNEoeU3vF%2BtUNS94832sGEzRxI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=86400
accept-ranges
bytes
cf-ray
6eff9086bf1c692d-FRA
cf-bgj
imgq:100,h2pri
jquery-1.12.4.min.js
www.threatminer.org/bower_components/jquery/dist/
95 KB
34 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/jquery/dist/jquery-1.12.4.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 12:15:38 GMT
server
cloudflare
age
4514
etag
W/"17b8b-54e7561880e80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M0Q2ykR3WyvuCQVOVfXOVHm%2BDy6u2%2BXzExZCGlk6zxhwd8jPJzYVoR13o1Lu%2BFD2b3zjUFYRSt%2FX9SHAALgqkqVYZxGlJvneG01XIPtjO3mH22Qjm12zpsc4RHcKuzWBUgC0ZKvkFdxz9Vx3MO6aKNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086aee1692d-FRA
bootstrap.min.js
www.threatminer.org/bower_components/bootstrap/dist/js/
35 KB
10 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/bootstrap/dist/js/bootstrap.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
5933
etag
W/"8c6f-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5L3tp0eQVmHkc1hWJQhAEsnjstKqwJR%2FLP6bEzSI7e18UouRc5%2BNQss3wo8iy5A%2FBVNLkOatRfEMj0dYE3rxbYWrWVY3UfP6C01uWdM9GaKKW4cKiTFZsixKu5tfSkH2b1r13Dhr58Eb%2FZAqAo8WsI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086aee3692d-FRA
metisMenu.min.js
www.threatminer.org/bower_components/metisMenu/dist/
2 KB
1 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
4514
etag
W/"757-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvGuKlCGTsiqhFnUk6IYZNRCbAzTV62WdUJD7MD6hK1HP4oQH8bZp5THECdhYk7xeMWttsAmksCCkJ3ZhfK9BEue0AopZu8HdCPEE%2F%2FjGcMCWjCs4S6YU3mnd4IIX0YegcC%2FAzP%2FN0bhOVNHIlTxmc4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086aeef692d-FRA
jquery.dataTables.min.js
www.threatminer.org/bower_components/datatables/media/js/
81 KB
29 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables/media/js/jquery.dataTables.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 12:24:55 GMT
server
cloudflare
age
4514
etag
W/"14544-54e7582bb33c0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8T2ZYMGWih2o8ujOlrVQMKuDZa01v2OX9nBFpIRT%2BWtVpDhdScFd5DRAE7qCiK93QHGhE2EkTojAVvcOlX7lUMY8%2B3Z76ZCYgiXmJzbFie1q6IRxdQIQkIq97LzQqhVOmb8LrLG9SIGQeuEyLO9QJAg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf0b692d-FRA
dataTables.bootstrap.min.js
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/
2 KB
1 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
4514
etag
W/"796-51434f58bfb80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PusZEzHEnF0ZReivwToiLZUYhUMb8aGwAU2yDSCBGsDek30tYFYsrhRMY8bzLLjzVJ1pNor%2BahY315LVU55bDgXU7l8WHpSH4xC4iQO0c4k%2Bcn35RFgGc6Mz8Ls7PMHxCZiOy1JN9f2lJ6w%2Fy2GcQ4Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf0e692d-FRA
dataTables.buttons.min.js
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/
16 KB
6 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/dataTables.buttons.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 12:34:43 GMT
server
cloudflare
age
4514
etag
W/"4088-54e75a5c75ec0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3Ha8tBCqNlu5KKqIkdZZj%2BIA2I4SDO3StawAV8TRaBD%2F154M7ctqq5WSdwT%2B7luWChNPD%2Bf%2F6b1VrZPypar8HzGGtdtpn47MzXI8LTy3B0quJBdsIhCGTx%2BtkwNB777apM%2FC9joRjU4HA1sksqsAqw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf0f692d-FRA
pdfmake.min.js
www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/
1 MB
391 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/pdfmake.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 11:37:06 GMT
server
cloudflare
age
4514
etag
W/"106721-54e74d7b9bc80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYSTEaxh5y0a22r1uexzc7n6q2ZZ0xbF7%2BRRVU7A8b2eEotz772v59ONxgg%2FBJSZozSSG1yvR7d5FnDSUcjrm9M%2Frrh0kZ1wM%2FzkCMMsj7FrZTmjIiOfQBteSogMhNFl%2F0JNhifFdI6k1H8%2BgO0lwKE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf12692d-FRA
jszip.min.js
www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/
100 KB
31 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/jszip.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 11:36:59 GMT
server
cloudflare
age
4922
etag
W/"18e33-54e74d74eecc0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mpcyxn%2Bfy8YSlKd%2Bi9zVbHDu6m74vTgBmqIJNGdXCjbjDwOliTyVd3zYpqi%2BWEqcZiX3f7tWk6c%2BX7%2BfMpczFw%2FRToS5S5UmIZXb6EWwhd%2BPTb6eY1KcwC%2FtAWlsUyIa%2B5%2BSBOabU58EChVj3gFqHCY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf14692d-FRA
vfs_fonts.js
www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/
933 KB
455 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/vfs_fonts.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4922
cf-polished
origSize=955603
last-modified
Mon, 01 May 2017 11:37:11 GMT
server
cloudflare
etag
W/"e94d3-54e74d80607c0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kK2zkrwLe4EZZ7yqx6NWW2dN0TLLIpVQs1edjffCA6BkJmjnouUTJMnZkKf%2BvoRqVQiyyDenHOaEapBE7iShwGJh5Zd8C6bpawn%2Bmh0DUcjyEnyJwrr%2BbLYQX0nttfthwzwRfd16G5eBviHy9JjdbuA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
6eff9086bf15692d-FRA
cf-bgj
minify
buttons.html5.min.js
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/
23 KB
6 KB
Script
General
Full URL
https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/buttons.html5.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 01 May 2017 11:37:16 GMT
server
cloudflare
age
4514
etag
W/"5b7a-54e74d8525300-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LOpKYfBqraQgh4KqicS2wWlhJAvvUjRHYnXNIbaCHZE%2BgV%2BAIRSDl4Rh%2Bb8ZVX3v7%2BYDKWrU%2BNBpqrdgvGikRlk1qYEYXugPdbLyU4pQmcVrV2xPdOf%2F%2Bd2i%2FbAa0TQlFIDtDiRJdkZJwS73waCp1eo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf17692d-FRA
sb-admin-2.js
www.threatminer.org/dist/js/
756 B
719 B
Script
General
Full URL
https://www.threatminer.org/dist/js/sb-admin-2.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5933
cf-polished
origSize=1181
last-modified
Sat, 25 May 2019 17:16:01 GMT
server
cloudflare
etag
W/"49d-589b97821f640-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJV6CcGuNoz057z7ldY3IeJE8jtiQan3461Ac06%2FATlLjPrfNCk3A1BVdI8lzo7K0889d1w096VeNv8hWJesNrjrPWbtAHKKSADV%2FUJQqXuy%2FckwSx2sNgPg1JjQaheBvfJGeTBIqnAZrYEcdYFoaZ8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
6eff9086bf18692d-FRA
cf-bgj
minify
tm_utility.js
www.threatminer.org/dist/js/
8 KB
2 KB
Script
General
Full URL
https://www.threatminer.org/dist/js/tm_utility.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6064
cf-polished
origSize=10497
last-modified
Mon, 22 Nov 2021 16:06:03 GMT
server
cloudflare
etag
W/"2901-5d162cd378793-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UaEvIjO4azsWXePm%2FKffh1DkEQeoWddIn%2FJOIC3sqUdtiGzfe6Alml1j5ebRkQ6jVrBcznXz4D8iQF7i3JOiEYaxiEboN8p59VHBY3CMr0zmIyxtYu3TdIWQwXz5Sasn4KuOsGVTJVi0QY30z7UhUs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
6eff9086bf19692d-FRA
cf-bgj
minify
social-share-kit.min.js
www.threatminer.org/dist/js/
6 KB
3 KB
Script
General
Full URL
https://www.threatminer.org/dist/js/social-share-kit.min.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 09 Mar 2019 16:07:52 GMT
server
cloudflare
age
4514
etag
W/"179c-583ab8aa0e600-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GFsfcDUR%2FhdPeH9gIuXyhZaCpBdrSvS7ZbJrt59b6ajcu0qgieDn2QqgIx02xuqcmAnsZ6Zbe0c9FQXbXXi4l9uQ20EFd9Be3q1NdUCxG15ObGM28ZV2IKh5i9PAgHeAPVHCTLXMFJ9KUR2l3VazLOY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf1b692d-FRA
80x15.png
licensebuttons.net/l/by/4.0/
Redirect Chain
  • https://i.creativecommons.org/l/by/4.0/80x15.png
  • https://licensebuttons.net/l/by/4.0/80x15.png
430 B
1 KB
Image
General
Full URL
https://licensebuttons.net/l/by/4.0/80x15.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
2606:4700:20::681a:5d6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2457
cf-polished
origSize=640
vary
Accept-Encoding
content-length
430
x-xss-protection
1; mode=block
last-modified
Thu, 30 Apr 2020 21:59:13 GMT
server
cloudflare
x-frame-options
deny
etag
"5eab4a31-280"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7CXz7vb63uT%2BfzFS%2FifQte15%2BAe7xY77Xs4rItLhZGLPRb3VMPjj1lk1yHkqIvr8saorybw%2FoJp8ZCFmOdOEKBIrFtmRynBUaKM8hh2WV0SKaPGy%2F54G5XHUOJv5O23D1OXxNKZB9r%2BxFclT0%2FjAhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
6eff9087694d5bf5-FRA
cf-bgj
imgq:100,h2pri

Redirect headers

date
Tue, 22 Mar 2022 14:19:50 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
server
cloudflare
age
704
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
deny
content-type
text/html
location
https://licensebuttons.net/l/by/4.0/80x15.png
cache-control
max-age=432000
strict-transport-security
max-age=15768000
cf-ray
6eff9086fe0192a1-FRA
vary
Accept-Encoding
x-xss-protection
1; mode=block
infolinks_main.js
resources.infolinks.com/js/
3 KB
2 KB
Script
General
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ace69c570be8661dd9976b64fdec65170788bca6da18bcc5939376458121fe4e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray
6eff9086ed369978-FRA
date
Tue, 22 Mar 2022 14:19:50 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Mon, 21 Mar 2022 18:21:23 GMT
server
cloudflare
age
14284
etag
W/"d36-5dabe904e8213"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
content-encoding
gzip
expires
Tue, 22 Mar 2022 11:21:46 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
904
date
Tue, 22 Mar 2022 14:04:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 22 Mar 2022 16:04:46 GMT
fontawesome-webfont.woff
www.threatminer.org/bower_components/font-awesome/fonts/
64 KB
64 KB
Font
General
Full URL
https://www.threatminer.org/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer
https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Origin
https://www.threatminer.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Apr 2015 05:02:54 GMT
server
cloudflare
age
3835
etag
W/"ffac-51434f58bfb80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sTuNhCkZRg1wpL3Nho1Jh%2BBLtGDL9ZTjKM6FjgUFRf8wQjHnMEDPZenBLreIcH4WOedKG6NU192x7YdE3yePTZSlG69FgJYlGvQU096TAv7pZLePW3qQ8c2ZQ2kLHoGjhpfuNFDuI5t7xOnxeG68Izw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086bf1d692d-FRA
embed.js
threatminer.disqus.com/
78 KB
25 KB
Script
General
Full URL
https://threatminer.disqus.com/embed.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
f78dc99c9429308b9954c5308aa377315d6d2ba3894659448496ef0fd9c7bd17
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
25439
Cross-Origin-Resource-Policy
cross-origin
social-share-kit.woff
www.threatminer.org/dist/fonts/
7 KB
7 KB
Font
General
Full URL
https://www.threatminer.org/dist/fonts/social-share-kit.woff
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/dist/css/social-share-kit.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4

Request headers

Referer
https://www.threatminer.org/dist/css/social-share-kit.css
Origin
https://www.threatminer.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 16 Dec 2016 10:13:34 GMT
server
cloudflare
age
3835
etag
W/"1b08-543c3d291af80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1X0qG2OVuaJrTUF3L0WYQ43i5ho7U4k%2FYuKsSEsIHFLpCIaMETWn9Jfn%2FHwsgmPXFDdVfiqNAFqxwAPtR8yNS%2F2o3%2BefdCqp660kjZDRvZx8BPsOG%2FMTVB%2FcTA%2BExFd8WYwaMw2g6HZEm5Kk3ysopIk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
cache-control
max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6eff9086cf25692d-FRA
getReport.php
www.threatminer.org/
0
312 B
XHR
General
Full URL
https://www.threatminer.org/getReport.php?e=notes_container&t=2&q=56e008e903a7e3a3b98e19f313435afe
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/dist/js/tm_utility.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:feb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzIW8MGp1x1H%2FmTJwqvEU4ZeDSYEDM1gDJMXdfhT%2FqdFzHyp6snCRykbm5h%2FjMl2RyzUYn3AJZOM5EFhgsTXqUChKHACYphXiBjH3vEab9uTA8Ft2XsaGL%2Bja7bA4opO718q%2FGli56HIdNos1H9Grac%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
6eff908849f0692d-FRA
ice.js
resources.infolinks.com/js/1789.003-3.025/
178 KB
55 KB
Script
General
Full URL
https://resources.infolinks.com/js/1789.003-3.025/ice.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bfdbf5f5eec59ff6ec78cb4fa062c0797c9e9e8a0e8b39740bc6e67aa33c7d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray
6eff90884f769978-FRA
date
Tue, 22 Mar 2022 14:19:50 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 16 Mar 2022 08:23:27 GMT
server
cloudflare
age
6394
etag
W/"2c658-5da51a0c1cdf0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Thu, 21 Apr 2022 12:33:16 GMT
cse.js
cse.google.com/
10 KB
4 KB
Script
General
Full URL
https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
1ebb3517513b70fa9a58d0987ea7d7860da4476152593154ddc7274df199258c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

bfcache-opt-in
unload
date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
br
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3493
x-xss-protection
0
server
gws
expires
Tue, 22 Mar 2022 14:19:50 GMT
widget_iframe.a58e82e150afc25eb5372dd55a98b778.html
platform.twitter.com/widgets/ Frame EF41
319 KB
104 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.a58e82e150afc25eb5372dd55a98b778.html?origin=https%3A%2F%2Fwww.threatminer.org
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67AA) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
575052
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Tue, 22 Mar 2022 14:19:50 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Wed, 16 Feb 2022 18:36:30 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67AA)
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=2
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
collect
www.google-analytics.com/j/
2 B
210 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1115656681&t=pageview&_s=1&dl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&ul=en-us&de=UTF-8&dt=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=775546526&gjid=636711059&cid=288048568.1647958790&tid=UA-73787980-1&_gid=663742177.1647958790&_r=1&_slc=1&z=394967330
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.threatminer.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/
0
26 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 19:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68016
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26078
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 21 Mar 2022 19:03:40 GMT
server
nginx
etag
"6238cc0c-65de"
content-type
text/css; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Tue, 21 Mar 2023 19:26:14 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
fkYe-1sDmVtOhiis6AlguqoqSv0q9JK3V2Q_Qbe8zSfu1xvqh0TX_A==
x-cache-hits
0
common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
c.disquscdn.com/next/embed/
0
93 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 22:16:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1094580
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94746
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 09 Mar 2022 21:55:40 GMT
server
nginx
etag
"6229225c-1721a"
content-type
application/javascript; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Thu, 09 Mar 2023 22:16:50 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
C1jlNHuY3VX4kawNziOPvGwSHSpizi59s4LlArCQ5wc-5Umst9EqLw==
x-cache-hits
0
lounge.bundle.90614da243fa6052a038b5539f5086e5.js
c.disquscdn.com/next/embed/
0
121 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.90614da243fa6052a038b5539f5086e5.js
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 19:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68016
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
123045
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 21 Mar 2022 19:03:40 GMT
server
nginx
etag
"6238cc0c-1e0a5"
content-type
application/javascript; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Tue, 21 Mar 2023 19:26:14 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
a_hzqEdCv0aI5iS18CG1xGdhKPMC-rKLd7ciW40ibX2Zc-VtFT8MjA==
x-cache-hits
0
config.js
disqus.com/next/
0
15 KB
Other
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
51
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14710
X-XSS-Protection
1; mode=block
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/
297 KB
107 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4eafe722db0cddc9c3d79cc271e97598833c51f463faeb0b8f3a40f4db83c6f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
109609
x-xss-protection
0
server
cafe
etag
16915179868501335202
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 14:19:50 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220317/r20190131/ Frame 138F
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220317/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4502
x-xss-protection
0
date
Mon, 21 Mar 2022 23:16:13 GMT
expires
Mon, 04 Apr 2022 23:16:13 GMT
cache-control
public, max-age=1209600
age
54217
etag
4044455266028820542
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
settings
syndication.twitter.com/ Frame EF41
293 B
466 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=2d40762f62cd6bb41c005158c8840808fb6c7a2a
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a58e82e150afc25eb5372dd55a98b778.html?origin=https%3A%2F%2Fwww.threatminer.org
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
c41896ee7b4524bd50de896a3e2ead44700fad37e563805235b76a6621751c3e
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time
107
date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
last-modified
Tue, 22 Mar 2022 14:19:50 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
8ac1a01f73d0799f4081584eca9caf0ab38e2a234e4b06f6694122b1ee80b0a1
content-length
186
manage
router.infolinks.com/usync/ Frame A2EC
10 KB
2 KB
Document
General
Full URL
https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47f4726d397a53427c2057a941a24dfe03156a6b6be251a47ddb1cbbc59745bf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-type
text/html;charset=UTF-8
cache-control
no-store
p3p
CP="NON DSP NID OUR COR"
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6eff9089494d9978-FRA
content-encoding
gzip
lcmanage
router.infolinks.com/usync/
0
37 B
Script
General
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6eff9089494f9978-FRA
content-length
0
gsd
router.infolinks.com/
323 B
528 B
Script
General
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&jsv=1789.003-3.025&_cb=16479587905940
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd4931d50b0d38f40443bbcc4b46856d39c9f16a3b28b3ab9c0c7b3fe1165582

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:50 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/javascript;charset=UTF-8
content-encoding
gzip
cache-control
max-age=0
cf-ray
6eff908949529978-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
disqus.com/embed/comments/ Frame C7EA
6 KB
4 KB
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bff68cefb592e08162e39774e93f04960477b78c17e5cab63b4c2b91973afc98
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

Connection
keep-alive
Content-Length
2719
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Tue, 22 Mar 2022 14:19:50 GMT
ETag
W/"lounge:view:9083326875.0a927998c0dc23992424aef65a059a8f.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy
no-referrer-when-downgrade
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Fastly-Original-Body-Size
2719
Date
Tue, 22 Mar 2022 14:19:50 GMT
Age
0
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
/
tempest.services.disqus.com/ads-iframe/taboola/
28 KB
10 KB
XHR
General
Full URL
https://tempest.services.disqus.com/ads-iframe/taboola/?position=top&shortname=threatminer&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%23337ab7&colorScheme=light&sourceUrl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&typeface=sans-serif&disqus_version=current
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
7c4546e022f2c24eb7014a2f977c0ca617e9bd3d44d217abdaa6c511e16c6efa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding,
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=300
X-Service
router
Connection
keep-alive
Content-Length
9455
Cross-Origin-Resource-Policy
cross-origin
/
tempest.services.disqus.com/ads-iframe/taboola/
28 KB
10 KB
XHR
General
Full URL
https://tempest.services.disqus.com/ads-iframe/taboola/?position=bottom&shortname=threatminer&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%23337ab7&colorScheme=light&sourceUrl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&typeface=sans-serif&disqus_version=current
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
cbba4583ff22ef332128d85a685b42b9e0b75a6ee0e6619c127e66b24d460de9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding,
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=300
X-Service
router
Fastly-Original-Body-Size
9456
Content-Length
9456
Cross-Origin-Resource-Policy
cross-origin
event.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=7bq4ppt1ccv6l3&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=31cd6fbd4797db790bc183cea2909ab5&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5993718
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
event.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=7bq4ppt1ccv6l3&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=threatminer&zone=thread&version=31cd6fbd4797db790bc183cea2909ab5&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5993718
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
cookie.js
partner.googleadservices.com/gampad/
219 B
647 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&callback=_gfp_s_&client=ca-pub-5720763271532377
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
0719dc7da4a6300d136e33db60c72ca75e1e22de59752410b237ff63401707ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
203
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 0968
23 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
88de0c9ca1d26447fa0b512503be596f6388d5ca75f356674b195810b61068c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
9623
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 85FF
359 KB
145 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aed2b79c1781327cef4d7eff908056ced95ca202d0d5780f8989169a0a7a50f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-expose-headers
x-google-amp-ad-validated-version
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
148222
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 06F3
109 KB
34 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
13ecb0102d7c88c80852077beeaac9e53fb33e8b1ab4006dc267a84161702cce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
34820
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
cse_element__en.js
www.google.com/cse/static/element/45f4e5efab1258be/
302 KB
100 KB
Script
General
Full URL
https://www.google.com/cse/static/element/45f4e5efab1258be/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9e6d43114b4187eb4c0f6550554d9b422eaad45083e345d1fa7b82dd6afcd24
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 18:10:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
590941
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
102347
x-xss-protection
0
last-modified
Thu, 17 Feb 2022 21:05:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Wed, 15 Mar 2023 18:10:49 GMT
default+en.css
www.google.com/cse/static/element/45f4e5efab1258be/
41 KB
9 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/element/45f4e5efab1258be/default+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 18:10:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
590941
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9086
x-xss-protection
0
last-modified
Thu, 17 Feb 2022 21:05:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Wed, 15 Mar 2023 18:10:49 GMT
default.css
www.google.com/cse/static/style/look/v4/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/style/look/v4/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:08:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
656
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
last-modified
Wed, 17 Jun 2020 00:00:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Tue, 22 Mar 2022 14:58:54 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame E2E7
23 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98afb7990b095c653fdc5fc7ec849f697b686ed697354c70af2e642719efdde6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
9641
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 7115
23 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65419e5f1266cd94c03d8768df25bc06685d976170ca30809939f90875b8f288
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
9614
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame FCA7
82 KB
30 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f6c92042870cd0cad5e699dceba929aaca2330c179b2c959d7f10be2691677b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
31193
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 1B99
146 KB
30 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54c83065ce4764478e5412fcded3e3fe0309429eedc34211fabf373ea9cba097
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
30400
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
platform.twitter.com/js/
25 KB
8 KB
Script
General
Full URL
https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
48c9a4d4aa290a866126159687441006eb39adf48ae31e1910aa0f21e0b21376

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Encoding
gzip
Age
575053
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=4
Content-Length
8012
x-tw-cdn
VZ
Last-Modified
Wed, 16 Feb 2022 18:36:23 GMT
Server
ECS (frb/6738)
Etag
"3123bdaf11a1d77bcf1836091c9b4631+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
timeline.34cf38a85ac899f1d6a0438a1659decc.js
platform.twitter.com/js/
20 KB
7 KB
Script
General
Full URL
https://platform.twitter.com/js/timeline.34cf38a85ac899f1d6a0438a1659decc.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67AA) /
Resource Hash
8875e0e5a0f6bfaf4d66fde0622a609e9fe7b599adaef3ad01d6d613574c69b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Encoding
gzip
Age
575048
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Content-Length
6444
x-tw-cdn
VZ
Last-Modified
Wed, 16 Feb 2022 18:36:23 GMT
Server
ECS (frb/67AA)
Etag
"0a27acfd1028aaadad57ff8929bf7266+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&tn=DIV&id=privacy_notice&cls=alert%20alert-info%20alert-dismissable%20bottom_popup&ign=false&pw=1600&ph=1200&x=800&y=1130.4
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 75AC
297 KB
76 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1647958790&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790519&bpp=1&bdt=406&idt=188&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200%2C1182x591&nras=1&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=8&uci=a!8&fsb=1&dtd=197
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ed7183f93a802ee78e950cf0193cac592885ba883af2068b98fdf0fda9b20e63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
cafe
content-length
77652
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private
profile
cdn.syndication.twimg.com/timeline/
170 KB
15 KB
Script
General
Full URL
https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_ThreatMiner_old&dnt=true&domain=www.threatminer.org&lang=en&screen_name=ThreatMiner&suppress_response_codes=true&t=1831065&tz=GMT%2B0000&with_replies=false
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_f /
Resource Hash
a20ab124db98e272a6f169012c51c35fcdad976d0f5608daf82ee753cfdd0818
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
attachment; filename=jsonp.jsonp
server-timing
"x-cache;desc= ,x-tw-cdn;desc=VZ,edge;dur=382
content-length
15358
x-xss-protection
0
access-contol-allow-origin
platform.twitter.com
x-response-time
368
last-modified
Tue, 22 Mar 2022 14:19:50 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET
strict-transport-security
max-age=631138519
x-tw-cdn
VZ", VZ, VZ
content-type
application/javascript;charset=utf-8
cache-control
must-revalidate, max-age=300
x-connection-hash
a11e8e2d23347312993a68f0b767e9987b3d18b9ae6ad2dfb93b8b3b926cbfee
timing-allow-origin
*
x-transaction
f80b875372900021
expires
Tue, 22 Mar 2022 14:24:50 GMT
doq.htm
rt3001.infolinks.com/action/
1 KB
1 KB
XHR
General
Full URL
https://rt3001.infolinks.com/action/doq.htm?pcode=utf-8&r=16479587907511
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3440a4ed11dc3850b1dba284faede277b2ab478291db867f46a2742ea8d646c6

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
x-application-context
application:prod
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-language
de-DE
access-control-allow-origin
https://www.threatminer.org
cache-control
no-cache,no-store
access-control-allow-credentials
true
cf-ray
6eff908a7ba79049-FRA
expires
Thu, 01 Jan 1970 00:00:00 GMT
taboola
reporting.services.disqus.com/_log/ Frame 548E
0
0

loader.js
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame 548E
252 KB
43 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fb9c4f920d1aca2e9df89d4efeaf0c8e2250805b4ec991506ffad137aa9f1861

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
9q1e3yoWKmt8936BPAZglj2TglwgJ5jg
content-encoding
gzip
age
6459
via
1.1 varnish
x-cache
HIT
x-from-cache
1
x-envoy-upstream-service-time
8
content-length
43816
x-amz-id-2
vYnAc3cT54zy26UezBKr+KohSqy9Z4MabBDaiLVadflwvIxTlruQDlg/HvCQFlAHAbzMhS5L2Mg=
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 22 Mar 2022 09:31:30 UTC
server
nginx
x-timer
S1647958791.797815,VS0,VE1
etag
"54767f8904693a124e0c7391a6b147f494a8060f"
vary
Accept-Encoding, Accept-Encoding
x-amz-request-id
0VJB9EFMTY0XM31X
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
date
Tue, 22 Mar 2022 14:19:50 GMT
abp
14
x-cache-hits
1
taboola
reporting.services.disqus.com/_log/ Frame 725C
0
0

loader.js
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame 725C
252 KB
43 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fb9c4f920d1aca2e9df89d4efeaf0c8e2250805b4ec991506ffad137aa9f1861

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
9q1e3yoWKmt8936BPAZglj2TglwgJ5jg
content-encoding
gzip
age
6459
via
1.1 varnish
x-cache
HIT
x-from-cache
1
x-envoy-upstream-service-time
8
content-length
43816
x-amz-id-2
vYnAc3cT54zy26UezBKr+KohSqy9Z4MabBDaiLVadflwvIxTlruQDlg/HvCQFlAHAbzMhS5L2Mg=
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 22 Mar 2022 09:31:30 UTC
server
nginx
x-timer
S1647958791.797935,VS0,VE1
etag
"54767f8904693a124e0c7391a6b147f494a8060f"
vary
Accept-Encoding, Accept-Encoding
x-amz-request-id
0VJB9EFMTY0XM31X
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
date
Tue, 22 Mar 2022 14:19:50 GMT
abp
14
x-cache-hits
2
/
de.tynt.com/deb/ Frame A3B7
75 B
289 B
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

cache-control
max-age=86400
expires
Wed, 23 Mar 2022 14:19:51 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
75
date
Tue, 22 Mar 2022 14:19:50 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
usermatch
ssum-sec.casalemedia.com/ Frame 08A2
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b7ecab7ec302a94b951db8b33d02978117fe6994a7d9adfb8d83666eda3a647f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
39|45|230|241|190|176|130|191
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Tue, 22 Mar 2022 14:19:50 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:50 GMT
Content-Length
1589
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Tue, 22 Mar 2022 14:19:50 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:50 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame 06B8
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
check
pixel.tapad.com/idsync/ex/receive/ Frame A2EC
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEI3NjdBNDYtNTA2MS00QUZGLTgwQzUtOUJGNjdDMUNFQTk2&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEI3NjdBNDYtNTA2MS00QUZGLTgwQzUtOUJGNjdDMUNFQTk2&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D8B767A46-5061-4AFF-80C5-9BF67C1CEA96
  • https://router.infolinks.com/dyn/pbm-usync?uid=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3356&partner_device_id=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3356&partner_device_id=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
95 B
425 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3356&partner_device_id=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3356&partner_device_id=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
apn-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
  • https://router.infolinks.com/dyn/apn-usync?user_id=2843408346336645752
35 B
266 B
Image
General
Full URL
https://router.infolinks.com/dyn/apn-usync?user_id=2843408346336645752
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff908abb869978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:50 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:50 GMT
X-Proxy-Origin
185.213.155.164; 185.213.155.164; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
158bd16c-a63f-4c6e-93e5-0815e025cef7
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://router.infolinks.com/dyn/apn-usync?user_id=2843408346336645752
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cm
u.openx.net/w/1.0/ Frame A2EC
43 B
305 B
Image
General
Full URL
https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.2.1 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:50 GMT
content-encoding
gzip
server
OXGW/17.2.1
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
VR-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58422/occ
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
  • https://router.infolinks.com/dyn/VR-usync?uid=y-kNpO2QxE2uGKC2x9nFN8X4Ste.riUF8Ew15h9Oo-~A
35 B
209 B
Image
General
Full URL
https://router.infolinks.com/dyn/VR-usync?uid=y-kNpO2QxE2uGKC2x9nFN8X4Ste.riUF8Ew15h9Oo-~A
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff908afbef9978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:50 GMT

Redirect headers

location
https://router.infolinks.com/dyn/VR-usync?uid=y-kNpO2QxE2uGKC2x9nFN8X4Ste.riUF8Ew15h9Oo-~A
date
Tue, 22 Mar 2022 14:19:50 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
r1-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://sync.1rx.io/usersync2/infolinks
  • https://sync.1rx.io/usersync2/infolinks?zcc=1&cb=1647958791321
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1250940294
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1250940294
  • https://sync.1rx.io/usersync/tradedesk/2ba16ead-3562-48a7-81d7-cfa46fe93e17
  • https://sync.targeting.unrulymedia.com/csync/RX-55f5cc61-5e33-4350-845d-8732829256fd-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-55f5cc61-5e33-4350-845d-8732829256fd-003
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-55f5cc61-5e33-4350-845d-8732829256fd-003
35 B
260 B
Image
General
Full URL
https://router.infolinks.com/dyn/r1-usync?uid=RX-55f5cc61-5e33-4350-845d-8732829256fd-003
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff90946bde9978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:52 GMT

Redirect headers

location
https://router.infolinks.com/dyn/r1-usync?uid=RX-55f5cc61-5e33-4350-845d-8732829256fd-003
date
Tue, 22 Mar 2022 14:19:52 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX55f5cc615e334350845d8732829256fd003
content-type
text/html
zmn-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
  • https://router.infolinks.com/dyn/zmn-usync?uid=
35 B
90 B
Image
General
Full URL
https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store
cf-ray
6eff908da8349978-FRA
content-length
35

Redirect headers

Location
https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
70
Content-Type
text/html; charset=utf-8
us
sync.go.sonobi.com/ Frame A2EC
0
474 B
Image
General
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:50 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
ca.png
s.cpx.to/ Frame A2EC
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.threatminer.org%252Fsample.php%253Fq%253D56e008e903a7e3a3b98e19f313435afe&pid=12306&adnxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.threatminer.org%25252Fsample.php%25253Fq%25253D56e008e903a7e3a3b98e19f313435afe%26pid%3...
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&pid=12306&adnxs_uid=2843408346336645752
95 B
945 B
Image
General
Full URL
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&pid=12306&adnxs_uid=2843408346336645752
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Server
52.30.111.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-111-237.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache, no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Tue, 22 Mar 2022 14:19:50 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Tue, 22 Mar 2022 14:19:50 UTC

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:50 GMT
X-Proxy-Origin
185.213.155.164; 185.213.155.164; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
42f052ed-8c00-4673-80da-262302f0e140
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&pid=12306&adnxs_uid=2843408346336645752
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
dsp.adkernel.com/ Frame A2EC
42 B
233 B
Image
General
Full URL
https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
imd-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://ad.360yield.com/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fimd-usync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531
  • https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fimd-usync%3Fuser_id%3D%7BPUB_USER_ID%7D%26partner_id%3D1531
  • https://router.infolinks.com/dyn/imd-usync?user_id=92a6f32d-36da-44dc-87a9-9edb1dba7fe8&partner_id=1531
35 B
224 B
Image
General
Full URL
https://router.infolinks.com/dyn/imd-usync?user_id=92a6f32d-36da-44dc-87a9-9edb1dba7fe8&partner_id=1531
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff908bed5a9978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:51 GMT

Redirect headers

location
https://router.infolinks.com/dyn/imd-usync?user_id=92a6f32d-36da-44dc-87a9-9edb1dba7fe8&partner_id=1531
date
Tue, 22 Mar 2022 14:19:50 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
outh-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
  • https://router.infolinks.com/dyn/outh-usync?uid=y-xfH7ugBE2uG1NOdTrho4IENi3HgFJwtj~A~UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
35 B
234 B
Image
General
Full URL
https://router.infolinks.com/dyn/outh-usync?uid=y-xfH7ugBE2uG1NOdTrho4IENi3HgFJwtj~A~UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff908bfd7e9978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:51 GMT

Redirect headers

location
https://router.infolinks.com/dyn/outh-usync?uid=y-xfH7ugBE2uG1NOdTrho4IENi3HgFJwtj~A~UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
date
Tue, 22 Mar 2022 14:19:51 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usersync
match.bnmla.com/ Frame A2EC
0
112 B
Image
General
Full URL
https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.101 Chestertown, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
pixel
ap.lijit.com/ Frame A2EC
0
277 B
Image
General
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 22 Mar 2022 14:19:51 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap4ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
usersync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D8B767A46-5061-4AFF-80C5-9BF67C1CEA96
  • https://router.infolinks.com/dyn/usersync?pmuservalue=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
0
157 B
Image
General
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
6eff908cbe909978-FRA
content-length
0

Redirect headers

location
https://router.infolinks.com/dyn/usersync?pmuservalue=8B767A46-5061-4AFF-80C5-9BF67C1CEA96
date
Tue, 22 Mar 2022 14:19:50 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
zeta-usync
router.infolinks.com/dyn/ Frame A2EC
Redirect Chain
  • https://p.rfihub.com/cm?pub=43153&in=1
  • https://router.infolinks.com/dyn/zeta-usync?uid=5131077720956860077
35 B
187 B
Image
General
Full URL
https://router.infolinks.com/dyn/zeta-usync?uid=5131077720956860077
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff908cbe8e9978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:51 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/zeta-usync?uid=5131077720956860077
Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
oRTB
sync.inmobi.com/ Frame A2EC
0
0

/
ssc-cms.33across.com/ps/ Frame A2EC
0
72 B
Image
General
Full URL
https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP003 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-33x-status
2000208
date
Tue, 22 Mar 2022 14:19:50 GMT
server
33XP003
iq-usync
router.infolinks.com/dyn/ Frame A2EC
0
35 B
Image
General
Full URL
https://router.infolinks.com/dyn/iq-usync
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6eff908c2dc49978-FRA
content-length
0
lounge.load.31cd6fbd4797db790bc183cea2909ab5.js
c.disquscdn.com/next/embed/ Frame C7EA
958 B
1 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.load.31cd6fbd4797db790bc183cea2909ab5.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
93f2072c521fbd53054fe2a73577cff9b62b94dac4573502aacd93625d9d52fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 19:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68015
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
498
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 21 Mar 2022 19:03:40 GMT
server
nginx
etag
"6238cc0c-1f2"
content-type
application/javascript; charset=utf-8
via
1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
expires
Tue, 21 Mar 2023 19:26:15 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
BZWz1Wu4stv8WSNSina8LdYGGLgOW2MI-_BljQym7kKIVphGZCS17g==
x-cache-hits
0
impl.20220319-2-RELEASE.js
cdn.taboola.com/libtrc/ Frame 548E
621 KB
129 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
b9cce687259803b513d2ea269400b8ef83a08d980d57721898f5e0b26f588daf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
LThhP0TeUqvLXt9aD0JX4dZu2R0zmMed
content-encoding
br
etag
"11ae81f5b023e6400ecc9d0b627ab6b5"
age
7209
x-cache
HIT
content-length
131449
x-amz-id-2
xuvPcN0f8hsMsP6XHAm0THR1TAptFla3qJkViUClSjCuQ3M/l0jJgQOiQoUqOeGChnMxqnWKJ5E=
x-served-by
cache-hhn4027-HHN
last-modified
Sun, 20 Mar 2022 12:18:55 GMT
server
AmazonS3-br
x-timer
S1647958791.831983,VS0,VE0
date
Tue, 22 Mar 2022 14:19:50 GMT
vary
Accept-Encoding
x-amz-request-id
TD1CZRV2J04N7QG4
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
application/javascript
abp
19
x-cache-hits
8174
beacon.js
sb.scorecardresearch.com/ Frame 548E
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-38.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 02:58:06 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
40922
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
BrfjV-BGRAkhwhbbYUTpKXz01ID4rLpSmIQ99PMwrnVHj1H68rxBcA==
impl.20220319-2-RELEASE.js
cdn.taboola.com/libtrc/ Frame 725C
621 KB
129 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
b9cce687259803b513d2ea269400b8ef83a08d980d57721898f5e0b26f588daf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
LThhP0TeUqvLXt9aD0JX4dZu2R0zmMed
content-encoding
br
etag
"11ae81f5b023e6400ecc9d0b627ab6b5"
age
7209
x-cache
HIT
content-length
131449
x-amz-id-2
xuvPcN0f8hsMsP6XHAm0THR1TAptFla3qJkViUClSjCuQ3M/l0jJgQOiQoUqOeGChnMxqnWKJ5E=
x-served-by
cache-hhn4027-HHN
last-modified
Sun, 20 Mar 2022 12:18:55 GMT
server
AmazonS3-br
x-timer
S1647958791.844946,VS0,VE0
date
Tue, 22 Mar 2022 14:19:50 GMT
vary
Accept-Encoding
x-amz-request-id
TD1CZRV2J04N7QG4
via
1.1 varnish
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
application/javascript
abp
19
x-cache-hits
8175
beacon.js
sb.scorecardresearch.com/ Frame 725C
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-38.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 02:58:06 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
40922
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
R0Oh2G9QZI5CQqRJJRammA0MchHJbyNHfqxRaVAzBOBgy7JRl9EjLA==
common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
c.disquscdn.com/next/embed/ Frame C7EA
282 KB
93 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.31cd6fbd4797db790bc183cea2909ab5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4d9e28bf1814e0986b8e5b001e2c8d55d164f9cf8ee3ddc1ccf5560fe7053b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 09 Mar 2022 22:16:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1094580
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94746
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 09 Mar 2022 21:55:40 GMT
server
nginx
etag
"6229225c-1721a"
content-type
application/javascript; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Thu, 09 Mar 2023 22:16:50 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
MDMjZPHgfUUg2kvqmm72AXduzAVawgCTEBo9BJdy7YATQTqdMuZjHQ==
x-cache-hits
0
json
trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/ Frame 548E
14 KB
6 KB
XHR
General
Full URL
https://trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/json?tim=14%3A19%3A50.918&lti=deflated&data=%7B%22id%22%3A98%2C%22ii%22%3A%22%2Fsample.php%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1647897985117%2C%22vi%22%3A1647958790916%2C%22cv%22%3A%2220220319-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%22%2C%22vpi%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%22%2C%22e%22%3A%22https%3A%2F%2Fwww.threatminer.org%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1208%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A17%2C%22dw%22%3A1208%2C%22dh%22%3A27%2C%22qs%22%3A%22%3Fq%3D56e008e903a7e3a3b98e19f313435afe%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22bottom%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22orig_uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22bottom%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22cd%22%3A27%2C%22mw%22%3A0%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e2bafd2165eb1387adb1f6e0491591298a5db55db74a00c8121b3e6f1367fdd9

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
331
date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
server
nginx
x-timer
S1647958791.932629,VS0,VE331
x-served-by
cache-hhn4027-HHN
vary
Accept-Encoding
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.threatminer.org
access-control-allow-credentials
true
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
via
1.1 varnish
x-cache-hits
0
json
trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/ Frame 725C
16 KB
6 KB
XHR
General
Full URL
https://trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/json?tim=14%3A19%3A50.961&lti=deflated&data=%7B%22id%22%3A366%2C%22ii%22%3A%22%2Fsample.php%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1647897985117%2C%22vi%22%3A1647958790916%2C%22cv%22%3A%2220220319-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%22%2C%22vpi%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%22%2C%22e%22%3A%22https%3A%2F%2Fwww.threatminer.org%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1208%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A17%2C%22dw%22%3A1208%2C%22dh%22%3A27%2C%22qs%22%3A%22%3Fq%3D56e008e903a7e3a3b98e19f313435afe%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A7%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22top%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22orig_uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22top%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22cd%22%3A27%2C%22mw%22%3A0%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c9c6073864da0f83dc8e7f845b4d5f8959e934c29edd2c90534467cecccadce1

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
368
date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
server
nginx
x-timer
S1647958791.965665,VS0,VE368
x-served-by
cache-hhn4027-HHN
vary
Accept-Encoding
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.threatminer.org
access-control-allow-credentials
true
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
via
1.1 varnish
x-cache-hits
0
casale
match.adsrvr.org/track/cmf/ Frame 08A2
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 08A2
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YjnbBjS4PehpXSLSwhYw9AAA
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YjnbBjS4PehpXSLSwhYw9AAA&google_tc=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNUYob_wfPu8I9puuAeWFU&google_cver=1&gdpr=1
43 B
1000 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNUYob_wfPu8I9puuAeWFU&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 14:19:51 GMT

Redirect headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHNUYob_wfPu8I9puuAeWFU&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 08A2
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 08A2
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB&dcc=t
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
N6S713KC6S38T8D59K8A
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
M2T1E251Y0A43B2NVD8Q
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjnbBjS4PehpXSLSwhYw9AAABG8AAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
getuid
ib.adnxs.com/ Frame 08A2
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

113
match.deepintent.com/usersync/ Frame 08A2
0
44 B
Image
General
Full URL
https://match.deepintent.com/usersync/113
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-length
0
server
c
crum
dsum-sec.casalemedia.com/ Frame 08A2
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACXR07Ec7YAADH5JbgpTg&expiration=1649168391&gdpr=1
43 B
1022 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACXR07Ec7YAADH5JbgpTg&expiration=1649168391&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 14:19:51 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AACXR07Ec7YAADH5JbgpTg&expiration=1649168391&gdpr=1
Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
crum
dsum.casalemedia.com/ Frame 08A2
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=6f272d75-955e-dd6c-c2975258
43 B
1000 B
Image
General
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=6f272d75-955e-dd6c-c2975258
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-241.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:51 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 22 Mar 2022 14:19:51 GMT

Redirect headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
server
nginx/1.20.2
access-control-allow-origin
*
p3p
CP='This is not a P3P policy!'
location
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=6f272d75-955e-dd6c-c2975258
cache-control
max-age=3600
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
119
ix-usync
router.infolinks.com/dyn/ Frame 08A2
35 B
197 B
Image
General
Full URL
https://router.infolinks.com/dyn/ix-usync?uid=YjnbBjS4PehpXSLSwhYw9AAA%261135
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6eff908bfd7b9978-FRA
content-length
35
expires
Mon, 22 Mar 2021 14:19:51 GMT
async-ads.js
cse.google.com/adsense/search/
136 KB
50 KB
Script
General
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/45f4e5efab1258be/cse_element__en.js?usqp=CAI%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26b455d05301acda19c24cf35fa5aec0945bf50244421d00678502a785d33393
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"12222482082425325471"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
clear.png
www.google.com/cse/static/css/v2/
1018 B
1 KB
Image
General
Full URL
https://www.google.com/cse/static/css/v2/clear.png
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/45f4e5efab1258be/default+en.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/cse/static/element/45f4e5efab1258be/default+en.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 05:46:24 GMT
x-content-type-options
nosniff
age
549207
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1018
x-xss-protection
0
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 16 Mar 2023 05:46:24 GMT
branding.png
www.google.com/cse/static/images/1x/en/
1 KB
1 KB
Image
General
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 12:42:20 GMT
x-content-type-options
nosniff
age
265051
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1372
x-xss-protection
0
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Sun, 19 Mar 2023 12:42:20 GMT
v1
cse.google.com/cse/element/
464 B
328 B
Script
General
Full URL
https://cse.google.com/cse/element/v1?rsz=5&num=5&hl=en&source=gcsc&gss=.com&cselibv=45f4e5efab1258be&cx=009665096751685288782:o6_z_tmwsge&q=56e008e903a7e3a3b98e19f313435afe&safe=off&cse_tok=AJvRUv3UFMeBxRUAaMZz2IF5r1Nz:1647958790586&filter=0&sort=&exp=csqr,cc&callback=google.search.cse.api14354
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/45f4e5efab1258be/cse_element__en.js?usqp=CAI%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9219490d546d2ec3d3d040fd4f08346c9de5305917ca68a8d6c1d1fea61d7836
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6s2OoiGJYg4+/x1XwmFQyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'nonce-6s2OoiGJYg4+/x1XwmFQyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport, require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="QualityProseCsqrElementHttp"
x-frame-options
SAMEORIGIN
report-to
{"group":"QualityProseCsqrElementHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/QualityProseCsqrElementHttp/external"}]}
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-6s2OoiGJYg4+/x1XwmFQyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'nonce-6s2OoiGJYg4+/x1XwmFQyQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport, require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
generate_204
www.googleapis.com/
0
178 B
Image
General
Full URL
https://www.googleapis.com/generate_204
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
clients1.google.com/
0
178 B
Image
General
Full URL
https://clients1.google.com/generate_204
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
b2
sb.scorecardresearch.com/ Frame 548E
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1647958791015&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
  • https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791015&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
0
222 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791015&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
99.86.7.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-38.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id
jicsS9qH752xLS0KiLxnSpu9Autndn-Pp7IiqcwddhfY-WYefOjdzQ==
x-cache
Miss from cloudfront

Redirect headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791015&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
content-length
222
x-amz-cf-id
nNAUkRwiHL_GiHnBfKf3kfsbiyVb_Oep1X8A2ZXF1EAAFndBA_hQtA==
b2
sb.scorecardresearch.com/ Frame 725C
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1647958791016&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
  • https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791016&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
0
224 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791016&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Server
99.86.7.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-38.fra6.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
etag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id
0Sj7mUqDTpdZPj4UG3VOB1isxWYYj2SzhTMbkmGQR_bSZYG4roEzHQ==
x-cache
Miss from cloudfront

Redirect headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1647958791016&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&c9=
content-length
222
x-amz-cf-id
MvT5r3O8aKlICl1H3Myd-dL3lIy3mjCSgKtGEdJCIWGFlSD3dsPN1A==
in_search.js
resources.infolinks.com/js/1789.003-3.025/
123 KB
46 KB
Script
General
Full URL
https://resources.infolinks.com/js/1789.003-3.025/in_search.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8882c05ade8d73602a50fccfc5e3d2ad0ff2427e6c7adafc2d8f13a1da7f1ec4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray
6eff908bed5d9978-FRA
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 16 Mar 2022 08:23:27 GMT
server
cloudflare
age
6243
etag
W/"1eb7c-5da51a0c1ca08"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Thu, 21 Apr 2022 12:35:48 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/
371 KB
124 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e3f824116bf1ec3acc0dd7c003055cfb201ab314633e5874a4c4df752bfa018
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126251
x-xss-protection
0
expires
Tue, 22 Mar 2022 14:19:51 GMT
lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ Frame C7EA
165 KB
26 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 19:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68017
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26078
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 21 Mar 2022 19:03:40 GMT
server
nginx
etag
"6238cc0c-65de"
content-type
text/css; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Tue, 21 Mar 2023 19:26:14 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
eHZdv1UFICyLhPeYgYbWgwi_dbEMA8s7kMkVsmkoxy00ULrSxOJSTw==
x-cache-hits
0
lounge.bundle.90614da243fa6052a038b5539f5086e5.js
c.disquscdn.com/next/embed/ Frame C7EA
476 KB
121 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.90614da243fa6052a038b5539f5086e5.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8771f93d2878d5532147d7d5356893babf64c7097f2cc390e4c0c8a61ac537b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 19:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68017
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
123045
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 21 Mar 2022 19:03:40 GMT
server
nginx
etag
"6238cc0c-1e0a5"
content-type
application/javascript; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Tue, 21 Mar 2023 19:26:14 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
YyF8qHvYBWI5RvL4_OkF4fMevdyhzZ_s4WVrZxrbQRpbENAuyblA6A==
x-cache-hits
0
config.js
disqus.com/next/ Frame C7EA
14 KB
15 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b79e342ee881ef2ab38b3f53ff291337ace2c939dd3dc7e44cb08f56e9c1cfb4
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
52
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14710
X-XSS-Protection
1; mode=block
getads.htm
rt3001.infolinks.com/action/
2 KB
785 B
Script
General
Full URL
https://rt3001.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22license%22%2C%22scs%22%3A%220ufidKdznN%22%7D%5D&rid=3c640820-1335-4f96-93da-56f35757e8b9&jsv=1789.003-3.025&sr=1600X1200&rts=1647958791061&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=99.0.4844.51&dv=p&ce=t&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&tzo=-0000&c=c&strg=true&rsd=OpPuJcyN72mzOx00Fnwoyd9zGwK4qoC-2CuOJ9GdGR3bifwmlhWyPUmlUKMjlldkHAYSJBTAE9JrcPK4HqiMf8UzLo7H5CgOyRMPNcSH3cv5fnwEcZrSiG3K40YFL3jOU8BiKsPlV4xFBH5qye4iMiergXF5QwoQo-KSigsMI3s&rsk=15&rcs=wxV5p7UxsEGyd9AXh3HmHw&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e3eee424592373e4e30bea9fcd924f10fcabfafbbe03b092ecc5d8ff570eab2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="NON DSP NID OUR COR"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language
de-DE
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6eff908c2dcc9978-FRA
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
568111984159760571
tpc.googlesyndication.com/daca_images/simgad/ Frame FCA7
133 KB
133 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/568111984159760571
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
68f30b9bd309413b1274d8023504d62a9bed9a1333802a314071ecf6acd7580e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 18 Mar 2022 02:14:35 GMT
x-content-type-options
nosniff
age
389116
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136096
x-xss-protection
0
last-modified
Wed, 17 Nov 2021 09:22:01 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 18 Mar 2023 02:14:35 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame FCA7
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:12:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
432
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7871
x-xss-protection
0
server
cafe
etag
7397949449432438406
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:12:39 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame FCA7
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:52:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1619
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 13:52:52 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame FCA7
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame FCA7
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
details
disqus.com/api/3.0/forums/ Frame C7EA
3 KB
3 KB
XHR
General
Full URL
https://disqus.com/api/3.0/forums/details?forum=threatminer&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.9450cde9dd2c9d366781a8fc5ff6e933.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c608315f2e0cb3a3a1b13b4a55927548e4784021d3774e596d660ee75c23bef6
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3047
X-XSS-Protection
1; mode=block
adview
googleads.g.doubleclick.net/pagead/ Frame FCA7
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CtFcNBts5YuShLuyi7AO-ho_gDbrWl4to9auIqaYP2tkeEAEg1bOubWCV4pCCoAegAZyv-6gCyAECqAMByAPJBKoE4gFP0MqrilnkywPIIubb4upQBb7ap-4QUpun7rfDllb6hL1MYqlFDxIVyJi5S4pnT2EYkvThZf-Uv-oPpjfifIQ-aCN1QMhPBGg8OQMGUDz1Fy4cQtekhA2kIwnBuwdoX8OQ4xiyWYJPJejYrNuttbzeJ17jcrXKMQULs1CHjTYXg9eU7ECNzwrjj6AIpoOv0I1BEHBttC-skeZ89rd7ETDhDbKmVdpSQ__3l0r2Vk4BYa8o5bliUwKxAapYU2BlkiZ-kCJDlYcbaQufQh-qhciPZjmO-0Ip9SJ_gFeIW0Zq33PhwASP3aK56QOSBQQIBBgBkgUECAUYBKAGAoAHzNCE1wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBD48wjSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=A4kW8di1juQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 22 Mar 2022 14:19:51 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame FCA7
28 KB
12 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b32e2a199c3c9352689ae64546f5d70094b7208f0188067d7f583982f9886ef1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 12:29:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6630
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11790
x-xss-protection
0
server
cafe
etag
15946466291951677483
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 12:29:21 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 7115
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:52:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1619
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 13:52:52 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7115
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 7115
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame E2E7
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:52:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1619
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 13:52:52 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E2E7
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame E2E7
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 7115
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C8BiMBts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNUBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5PPwjroqL6OkLJFFhe-oPoI00bvvhvFDlnijdAuuRrIpO4gChGk2gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NzIwNzYzMjcxNTMyMzc3GAA&sigh=ZM0G4LoztfE&uach_m=[UACH]&cid=CAQSGwCNIrLM9T0g2JzO8Qc54d5aCFTgReAwtSJGKhgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
notify
rtb.nl.eu.criteo.com/google/auction/ Frame 7115
0
0
Fetch
General
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=Uub8EMz6RLAJyAGdg2ICAgAAAM-FMv95S_i820PW8BAG2zliRCyezUFtz_BXCJ8AEg&wp=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
server
Kestrel
server-processing-duration-in-ticks
227023
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame E41A
212 KB
58 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=392&idt=184&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=IL1GfCm72f&p=https%3A//www.threatminer.org&dtd=186
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
13e68e27467c0153e0ccc25ec44b611d871cde24469f22c06b442d6ad9cf0b53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-type
text/html
server
Kestrel
cache-control
private, max-age=0, no-cache
pragma
no-cache
expires
Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cross-origin-resource-policy
cross-origin
p3p
CP='CUR ADM OUR NOR STA NID'
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=QyZeZLOaLfYm41xtdtHc3d9T1s4_HkR7Lf8GDyT9VR7APKyf9zaAl-T8P3dva4t1XC4RFtNP-gUcttVCfZOOx7Dx4atrQK8HSSezzQU3Zu6KM5CxK2sX_D5fx_6dM4xVxz201KoMx_3SEj9Zrp7ju76L2xBAGJ1orBqVrtQhn3f0p_Qs7RM5JtHkXTFQdAJfW4AjfVOTRVbTzdQumrdgAHrwIO9bwSPgUIKZXG2cFZtq85W5fZ82Aj2lnpr60Ly9uIn0tA"}], "max_age": 86400}
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks
131252402
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
adview
googleads.g.doubleclick.net/pagead/ Frame E2E7
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Ct7O4Bts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNYBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdgNScIaLbrJVOhUAY0QQh5uHXbWNndmYFpalyWWO0ZlBkT200p-6oAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=jnRUBeyjY5M&uach_m=[UACH]&cid=CAQSGwCNIrLMZdMYNCYs8bVRVxxVgi0e6TgSkwIfQhgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
notify
rtb.fr.eu.criteo.com/google/auction/ Frame E2E7
0
0
Fetch
General
Full URL
https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=Uub8EMz6RLAJyAGdg2ICAgAAAGHaW4uhS-fz20PW8BAG2zli48DoqWjV05K4EuAAEg&wp=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
server
Kestrel
server-processing-duration-in-ticks
289965
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame 648B
222 KB
59 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790504&bpp=1&bdt=391&idt=174&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=meEOo6kkQh&p=https%3A//www.threatminer.org&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d3e950f0201ddc55974927feff2c27f2edcfc04bc1cbe8f95d4f30044b75e70c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
content-type
text/html
server
Kestrel
cache-control
private, max-age=0, no-cache
pragma
no-cache
expires
Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cross-origin-resource-policy
cross-origin
p3p
CP='CUR ADM OUR NOR STA NID'
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=FVX9iLOaLfYm41xtE0KTpaaOEaO8pdscZbVTAGkhMDukrsTcNlMhImJkoStKN7oWpwdZ0DYYgnUvocDeePiI8eoclOuqmhcfi3A932Y5pHmxEa-RBKKd6xBqGvoKj8qDpXT2oxRgthN71rdXg3b_jduuCv9sQB6GlFt4eMQ2WfRYjVxz83_YwGiHy_zcTRN6ZzJqqEl-kSEgPNsE17puq3MO_fUA6uJD4olebsQ0XyKTzY8xuZc5wU8lnD9HWJtB-KzeGg"}], "max_age": 86400}
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks
171092841
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
cookie.js
partner.googleadservices.com/gampad/
192 B
208 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&client=google-coop&product=SAS&callback=__sasCookie
Requested by
Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
7f0c1f19b130d4562fa0a60a6a3b3d2d6d8cbb7048ba045c1c3f3f6579bac7e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
186
x-xss-protection
0
ads
cse.google.com/cse_v2/ Frame 2FCE
698 B
411 B
Document
General
Full URL
https://cse.google.com/cse_v2/ads?adsafe=low&pcsa=true&cx=009665096751685288782%3Ao6_z_tmwsge&client=google-coop&q=56e008e903a7e3a3b98e19f313435afe&r=m&hl=en&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300842%2C17300953%2C17300955&format=p4&ad=p4&nocache=5101647958791233&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1647958791234&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=3840&frm=0&uio=-&qup=1&jsid=csa&jsv=12411&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%23gsc.tab%3D0%26gsc.q%3D56e008e903a7e3a3b98e19f313435afe%26gsc.page%3D1
Requested by
Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
d255ea735df9904ce9d01698cdd7ac82050d30bab88ceb088605bc151bb00d2d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=UTF-8
content-encoding
br
date
Tue, 22 Mar 2022 14:19:51 GMT
server
gws
content-length
392
x-xss-protection
0
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:51 GMT
css
fonts.googleapis.com/ Frame 06F3
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 13:44:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 22 Mar 2022 14:19:51 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 22 Mar 2022 14:19:51 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 06F3
2 KB
904 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:53:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1609
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 13:53:02 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame 06F3
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:12:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
432
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7871
x-xss-protection
0
server
cafe
etag
7397949449432438406
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:12:39 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 06F3
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:07:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
757
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:07:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 06F3
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 06F3
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
c5c2d0ec538305d3144caccb9e9ba20c.js
www.gstatic.com/mysidia/ Frame 06F3
28 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/c5c2d0ec538305d3144caccb9e9ba20c.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
56b292bab6c777111694aa0bffda487c3108b1e83091ea8471e316272f9d1aff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 03:21:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
471511
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11812
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 03:07:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 15 Jun 2022 03:21:20 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 0968
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:07:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
757
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:07:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0968
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 0968
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
noavatar92.png
a.disquscdn.com/1646863724/images/ Frame C7EA
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1646863724/images/noavatar92.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
1093887
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA50-C1
content-length
1644
x-amz-cf-id
4aC2ax73f9sSGvAdwLplNs-rkt9laxRTnhRQF9PSPmqH3avNOsWvrg==
expires
Fri, 08 Apr 2022 22:28:25 GMT
truncated
/ Frame C7EA
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/gif
j5FK-xqV
pbs.twimg.com/card_img/1503869678833311745/ Frame 6ACC
24 KB
24 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1503869678833311745/j5FK-xqV?format=png&name=800x419
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A7) /
Resource Hash
f1a5c62afaf2fe49a1885b10bc57bd0b1b14a59d9939bc0c4f9c8f4bad6ab6ef
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
572559
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=3
content-length
24299
x-response-time
248
surrogate-key
card_img card_img/bucket/2 card_img/1503869678833311745
last-modified
Tue, 15 Mar 2022 23:02:06 GMT
server
ECS (frb/67A7)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
9800fad6bb6344ffe5b35eea87f64a1006f082d5094aa3c6c6b344c448253180
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
D6y9Dw7p
pbs.twimg.com/card_img/1503936083049996291/ Frame 6ACC
22 KB
22 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1503936083049996291/D6y9Dw7p?format=png&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
f6a8ee66594aca8034752c88745d4ab5c134408b2e0413e05477c176b111d0d5
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
347346
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=3
content-length
22774
x-response-time
235
surrogate-key
card_img card_img/bucket/5 card_img/1503936083049996291
last-modified
Wed, 16 Mar 2022 03:25:58 GMT
server
ECS (frb/67E2)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
1c3f6a5d9ebc80bf701e7319b88f969188330c46220368e20d3b1a85cbef19e0
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
U3kEKLCW
pbs.twimg.com/card_img/1506243389796532226/ Frame 6ACC
27 KB
27 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1506243389796532226/U3kEKLCW?format=png&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
106f36a58408c097b1febcc9f0fe8fdf3dc79fb29b120f06e2172dcc1ac0c921
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
7131
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
27527
x-response-time
252
surrogate-key
card_img card_img/bucket/7 card_img/1506243389796532226
last-modified
Tue, 22 Mar 2022 12:14:23 GMT
server
ECS (frb/6760)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
155fcce919e27dada1474ce94695e91d6675dc9b38efb4e94b6b7588fa12390f
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
gXNXeni9
pbs.twimg.com/card_img/1504217905516318724/ Frame 6ACC
46 KB
46 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1504217905516318724/gXNXeni9?format=jpg&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
7be5f63793eef79dfde6edc1d8e29918e831ac49766cdc8f03960efd1550fa74
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
489128
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
46803
x-response-time
262
surrogate-key
card_img card_img/bucket/5 card_img/1504217905516318724
last-modified
Wed, 16 Mar 2022 22:05:50 GMT
server
ECS (frb/668A)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
42819c73ee507d1d88ac8da4ee93694fe498c5e2dfe41806aba36dda53eea4a3
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
1f448.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
422 B
599 B
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f448.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F5D) /
Resource Hash
4dc8736a1f88ba8b83372678be7d33ec790a58f91125c1794c65219d533e891a
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
20066603
x-ton-expected-size
422
x-cache
HIT
content-length
422
x-response-time
11
surrogate-key
twitter-assets
last-modified
Wed, 21 Feb 2018 22:28:34 GMT
server
ECAcc (frc/8F5D)
etag
"D3w7G3cLTZqaQU3X/K27SA=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
83b3b78cc1ee574c20cda106fac3e6e861c7431fb6281763a45ffdaec6140aa6
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
0nL79tYP
pbs.twimg.com/card_img/1505046559842467840/ Frame 6ACC
15 KB
15 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1505046559842467840/0nL79tYP?format=jpg&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
95659b37ed5cee772e87828fe4a9fa0991c41a77d8920cfb2adbdd28be772799
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
289477
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
15312
x-response-time
241
surrogate-key
card_img card_img/bucket/9 card_img/1505046559842467840
last-modified
Sat, 19 Mar 2022 04:58:36 GMT
server
ECS (frb/67F3)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
ad6de20972c6a774c54464aa7c2822106aacff038b6998790a9f3b2e6cae604f
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
rizT9sQe
pbs.twimg.com/card_img/1503738367548211201/ Frame 6ACC
21 KB
21 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1503738367548211201/rizT9sQe?format=jpg&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/675D) /
Resource Hash
268dfb1131e147b12fe728c27f9e8186fa739a25a9ab7d70946d9e8d1d5b597a
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
604065
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
21586
x-response-time
265
surrogate-key
card_img card_img/bucket/5 card_img/1503738367548211201
last-modified
Tue, 15 Mar 2022 14:20:19 GMT
server
ECS (frb/675D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
cd9ea3246dbd77fdc928a145b801d8d641be4b0bd6401e017e21ca9ea259e453
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
mbx8mGDx
pbs.twimg.com/card_img/1504263718779170823/ Frame 6ACC
26 KB
26 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1504263718779170823/mbx8mGDx?format=jpg&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
edce17cae96873e2cf08323e45f8316b500e4596563b8c69b63e162250038e91
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
477763
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
content-length
26818
x-response-time
245
surrogate-key
card_img card_img/bucket/3 card_img/1504263718779170823
last-modified
Thu, 17 Mar 2022 01:07:53 GMT
server
ECS (frb/6739)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
f1d5cf86a4ac3062e7b4242386206f97bab10c239e623172000bb2d536db5263
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
1f602.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
1 KB
1 KB
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f602.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F20) /
Resource Hash
c252a58367211c11d839155e50dc5e98551826c64b8d2e8d6267124c054ceae0
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
25767596
x-ton-expected-size
1095
x-cache
HIT
content-length
1095
surrogate-key
twitter-assets
last-modified
Wed, 21 Feb 2018 22:30:28 GMT
server
ECAcc (frc/8F20)
etag
"CskKXLmjEnqr5kggS5rnnQ=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
7d2b3c02adf5ed28c9fb615762d414a7498ca74999e534a751eab550f53a1c59
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
1f918.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
603 B
766 B
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f918.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FD9) /
Resource Hash
13da23e323658067823edcbc9f6033522a57cbe4325eb72470ab93f6c77f5c38
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
25249470
x-ton-expected-size
603
x-cache
HIT
content-length
603
surrogate-key
twitter-assets
last-modified
Fri, 18 Jan 2019 20:57:56 GMT
server
ECAcc (frc/8FD9)
etag
"SabOq57Qub/blwNeQOJr5w=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
d386fa95aae0129ebb5b0d8a4a6fa226689308f114cec040b1dd6bb3532cc078
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
1f33b.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
835 B
997 B
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f33b.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8EA8) /
Resource Hash
cec65ee7ed23f5724798c193f8570661a789c210836ee2c8cb7dd16aacbcee18
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
20758712
x-ton-expected-size
835
x-cache
HIT
content-length
835
surrogate-key
twitter-assets
last-modified
Wed, 21 Feb 2018 22:28:29 GMT
server
ECAcc (frc/8EA8)
etag
"PMtdmpls9tAhrdseUWTMCw=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
8be433950ad806b4b2bf41942bbd73b9ddfbc85d45105e5ae428a2d0a54ab56c
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
jwBQNNui
pbs.twimg.com/card_img/1505224328685633537/ Frame 6ACC
24 KB
25 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1505224328685633537/jwBQNNui?format=jpg&name=600x314
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
558e624c6b2b348a585985d9204bf4c76539d9b66a40f9fb0c6c23d341f5468b
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
30253
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
24904
x-response-time
293
surrogate-key
card_img card_img/bucket/4 card_img/1505224328685633537
last-modified
Sat, 19 Mar 2022 16:45:00 GMT
server
ECS (frb/668D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
bbf4510dbfa70b1d1d03eec4a886ba4f93b246388ec36e9d3223db23d27be24f
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
583c04eba622323b1bc7d6fda2f57e1e.js
www.gstatic.com/mysidia/ Frame 1B99
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/583c04eba622323b1bc7d6fda2f57e1e.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 03:51:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
469730
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3720
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 03:07:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 15 Jun 2022 03:51:01 GMT
css
fonts.googleapis.com/ Frame 1B99
8 KB
782 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COpen%20Sans%3A300%2C400
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
299ea571b2d2696bc505f52435e0b2948e1fc7065a72d2b5a9f438ad18f2c278
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 12:34:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 22 Mar 2022 14:19:51 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 22 Mar 2022 14:19:51 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 1B99
2 KB
904 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:53:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1609
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 13:53:02 GMT
be0017243d8f81a854c1bded13b7f055.js
www.gstatic.com/mysidia/ Frame 1B99
19 KB
8 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/be0017243d8f81a854c1bded13b7f055.js?tag=exit_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44c4835adccc8a59b074ef388191535b8d7ba76e63bb89e959057a6e81827b31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 04:36:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467020
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8174
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 03:07:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 15 Jun 2022 04:36:11 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame 1B99
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:12:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
432
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7871
x-xss-protection
0
server
cafe
etag
7397949449432438406
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:12:39 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 1B99
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:07:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
757
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:07:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1B99
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame 1B99
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 06F3
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CzXx8Bts5Yt7YLeyi7AO-ho_gDd63vK5n7P3I6IsP4ses7vQIEAEg1bOubWCV4pCCoAegAYv23YsCyAEJqQLL5yCrq22yPqgDAcgDywSqBPkBT9CiPB_ClnNpk2dE3lD_MRf3oXhYljDud2rIlR3NwsG6HVywVtgk-pIaYWcjo9oAKfb6kys0cIF5lk6nQtvVk49zKRzWKcIalfKPP6eU537tHCumhIIbLF55UGjGjBXW-GYCpFxNlBz6DY9RwtsWKD6XpG1y9hz3kC9YgziAcoX9TEp71KMKAw37pshY1vgfccSko6wShAip894qp3cgvt0ocixQRV6_eYp-AW3M_rda5ijJ0KqNKrrsBso1CkuxPtQtlZ_OM21Q2l8WRErB19mAuu7eW6xE7WQaLQqoT8LIwuzh5oB96dYK9U36d_nOA48VE1NRAxBAwAT9jO_8vAOSBQQIBBgBkgUECAUYBKAGLoAH3Ymi9AGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCPsRTSCAkIgOGAEBABGB-ACgHICwG4E4gE2BMK0BUBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=-Q-GTUzw9Ek&uach_m=[UACH]&template_id=520
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 0968
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=COl3TBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE0wFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1BD42_r7pCV1qVNbkTiI7gx8tFpwTiWQoNlP_EX4C_rNZ4Gz3jRwgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NzIwNzYzMjcxNTMyMzc3GAA&sigh=NSHsnxrSsGI&uach_m=[UACH]&cid=CAQSGwCNIrLMEjDBOe4R-9BAErXJXEkMx0_C7LWRsRgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
notify
rtb.fr.eu.criteo.com/google/auction/ Frame 0968
0
0
Fetch
General
Full URL
https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=Uub8EMz6RKsC-gGdg2ICAgAAAGiZrHMtyRwA20PW8BAG2zliOqNF70P99Z1K67wAEg&wp=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:50 GMT
server
Kestrel
server-processing-duration-in-ticks
209601
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame 24A7
163 KB
52 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790499&bpp=3&bdt=386&idt=142&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=1619148827151&frm=20&pv=2&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Tgnt5hVCpl&p=https%3A//www.threatminer.org&dtd=157
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
5f927aafbd390915d4b143333d53ec5e5c70cb14b33e1f39bae3555ee6be1685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-type
text/html
server
Kestrel
cache-control
private, max-age=0, no-cache
pragma
no-cache
expires
Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cross-origin-resource-policy
cross-origin
p3p
CP='CUR ADM OUR NOR STA NID'
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=iSUpgbOaLfYm41xtKn4rE-uEcEmSPUnxt4dAjIBpWcmJsmD8nLSkSy-rbM0GfgIQKFfUpkhLiFYYvR_aVt2HTCXv6RrAVBNbRZRGV7GXGm5jIqmBeLLrM9CjvL5KzRjj586KcBMlvrZKcPTDuutuwMCsdmwa5j1KVaByj2m5E5C3J5XJsPUWqDuW4fIzpn1QoD30d2-tyGdrCnf-RPjAimNEinQBIUiYj78t-lGZMI4pT4dsLu_e3SDjDH4ERFaL1XGq4Q"}], "max_age": 86400}
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks
117721712
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
cta-component.20220319-2-RELEASE.es6.js
cdn.taboola.com/libtrc/ Frame 548E
17 KB
5 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/cta-component.20220319-2-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0d59fe84b6f62a4dae19c39889a0c4da2f2ab5f6d11bdbb1069d5bd6ed17bd32

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
GNKq87kFi64YwnImZHHqULF7dBYmvRFj
content-encoding
gzip
etag
"607fe8d113984a1a4f027197d92f8bcd"
age
0
x-cache
HIT
x-amz-replication-status
PENDING
content-length
4969
x-amz-id-2
cUZeDuJ6VFhz1z+TWDOctAVcOaJyHIu7WjWpQuqSXO3VDvWw3aB0AEoSKC2/++qeMY/QNHDyS80=
x-served-by
cache-hhn4027-HHN
last-modified
Sun, 20 Mar 2022 12:44:32 GMT
server
AmazonS3
x-timer
S1647958791.349749,VS0,VE1
date
Tue, 22 Mar 2022 14:19:51 GMT
vary
Accept-Encoding
x-amz-request-id
31SXD5C74NC96WWP
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
19
x-cache-hits
1
tb
15.taboola.com/ Frame 548E
4 KB
4 KB
XHR
General
Full URL
https://15.taboola.com/tb?oid=15&pubnm=disqus-widget-safetylevel20longtail09&unitType=226&tbloc=&pageType=text&pstn=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22bottom%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&uuip=&cisrf=https%3A%2F%2Fwww.threatminer.org%2F&cirf=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&encoded=1&uid=3d096272-be93-45f5-80ec-523e23651b93-tuct9336086&variant=-100|478542&callback=TRC.videoTagCallbacks.videoCallback1&cb=1647958791350&tagid=&cntry=DE&platform=1&sesid=846cdb928307a530268cf84e1e7c12f1&itemid=/sample.php&viewid=1647958790916&geolat=&geoing=&deviceifa=&appid=&sd=v2_846cdb928307a530268cf84e1e7c12f1_3d096272-be93-45f5-80ec-523e23651b93-tuct9336086_1647958790_1647958790_CIi3jgYQktQ_GISm_o_7LyABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjb_5X0ga2ul6YBcAA&ri=48f71ecfb628d2a207a12c529c8db44f&appname=&cdb=&gdprApplies=true&rid=&sii=2055554289249226850&oee=true&tpubid=1042962&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=NW&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1003147&prcnt=&layer=&normp=1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
00d8a7baf470f53edf147b35b3642edbffb15548bd353869d2bcfddff5b18147

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
access-control-allow-origin
https://www.threatminer.org
machineid
1443
x-cache
MISS
xvid-debug
mrmr - :
x-served-by
cache-hhn4027-HHN
pragma
no-cache
server
nginx
x-timer
S1647958791.362451,VS0,VE11
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
expires
Sat, 26 Jul 1997 05:00:00 GMT
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
link
<https://am-wf.taboola.com>; rel=preconnect
x-cache-hits
0
userx.20220319-2-RELEASE.es6.js
cdn.taboola.com/libtrc/ Frame 548E
17 KB
6 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/userx.20220319-2-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1ed4c8a8cbe31d3903b2903265b1b5df60688fb01475d5097e9bb942df8e078b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
n_pX6m1LUS0lkBZBEkRVgQcwtqg9PnE6
content-encoding
gzip
etag
"dd0f879c1435bf9eb579c7ad2dc4d0b1"
age
12
x-cache
HIT
x-amz-replication-status
PENDING
content-length
5398
x-amz-id-2
JBvgXsJiShLURWcpVCL/jOyuB65dZJE4NOZ6sU0N9P40deUKCUhNb96gUNCEb8twuBykl+Creac=
x-served-by
cache-hhn4027-HHN
last-modified
Sun, 20 Mar 2022 12:41:02 GMT
server
AmazonS3
x-timer
S1647958791.362295,VS0,VE0
date
Tue, 22 Mar 2022 14:19:51 GMT
vary
Accept-Encoding
x-amz-request-id
VJ0Q3GEHWTRBK48B
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
19
x-cache-hits
6
alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
c.disquscdn.com/next/embed/
78 KB
27 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 05 May 2021 15:25:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27730461
x-cache
Hit from cloudfront
content-length
26578
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Wed, 28 Apr 2021 21:48:08 GMT
server
nginx
etag
"6089d818-67d2"
content-type
application/javascript; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Thu, 05 May 2022 15:25:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
d2ITxnwsSlgYWGqh0BuH5TKpfvvH9l6Do0jEcnXwZOdnctSCfDDjug==
x-cache-hits
0
timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
platform.twitter.com/css/ Frame 6ACC
53 KB
12 KB
Stylesheet
General
Full URL
https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6796) /
Resource Hash
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
Content-Encoding
gzip
Age
575054
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Content-Length
12144
x-tw-cdn
VZ
Last-Modified
Wed, 16 Feb 2022 18:36:21 GMT
Server
ECS (frb/6796)
Etag
"fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
platform.twitter.com/css/
53 KB
53 KB
Image
General
Full URL
https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6796) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
Content-Encoding
gzip
Age
575054
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Content-Length
12144
x-tw-cdn
VZ
Last-Modified
Wed, 16 Feb 2022 18:36:21 GMT
Server
ECS (frb/6796)
Etag
"fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame C7EA
13 KB
13 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 28 Apr 2021 14:37:41 GMT
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
28338130
x-cache
Hit from cloudfront
content-length
13079
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Tue, 27 Apr 2021 21:01:56 GMT
server
nginx
etag
"60887bc4-3317"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
expires
Thu, 28 Apr 2022 14:37:41 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
WsoKvJz6abjlqNNNlSLwVe_WJ5OQ3BXNPYd1Dx35rFPaclcKbJ6ncw==
x-cache-hits
0
loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame C7EA
3 KB
3 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Feb 2022 04:58:07 GMT
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
4094504
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
2971
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 26 Jan 2022 21:59:15 GMT
server
nginx
etag
"61f1c433-b9b"
content-type
image/gif
access-control-allow-origin
*
expires
Fri, 03 Feb 2023 04:58:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
OpXymlyeEEiHjsWTcRe70Y-gQ5Brjd_3fdgQku5nJpyi2X8_gVnn_A==
x-cache-hits
0
sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame C7EA
2 KB
2 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:47:48 GMT
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
15618723
x-cache
Hit from cloudfront
content-length
1763
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 22 Sep 2021 19:30:27 GMT
server
nginx
etag
"614b8453-6e3"
content-type
image/png
access-control-allow-origin
*
expires
Thu, 22 Sep 2022 19:47:48 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
FwuRqhlsSgMrLT_c1q7TrmFupXzam01Eq1AWBpAXR1xVC362qkwmRw==
x-cache-hits
0
icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame C7EA
8 KB
8 KB
Font
General
Full URL
https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 09:58:18 GMT
via
1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
17468493
x-cache
Hit from cloudfront
content-length
7900
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Tue, 24 Aug 2021 21:06:44 GMT
server
nginx
etag
"61255f64-1edc"
content-type
application/octet-stream
access-control-allow-origin
*
expires
Thu, 01 Sep 2022 09:58:18 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
CQbkLgxR0YBpiXob_pZ96E6ki2MQ8NpZoAWdBEh0bMyl_fu2irW_Cg==
x-cache-hits
0
truncated
/ Frame 06F3
336 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/svg+xml
s
googleads.g.doubleclick.net/pagead/drt/ Frame 9C28
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Tue, 22 Mar 2022 14:06:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
779
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
tb
15.taboola.com/ Frame 725C
4 KB
3 KB
XHR
General
Full URL
https://15.taboola.com/tb?oid=15&pubnm=disqus-widget-safetylevel20longtail09&unitType=226&tbloc=&pageType=text&pstn=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&uuip=&cisrf=https%3A%2F%2Fwww.threatminer.org%2F&cirf=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&encoded=1&uid=9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086&variant=-100|478542&callback=TRC.videoTagCallbacks.videoCallback1&cb=1647958791466&tagid=&cntry=DE&platform=1&sesid=3039040f71c5773a6a26e1d41a315c6a&itemid=/sample.php&viewid=1647958790916&geolat=&geoing=&deviceifa=&appid=&sd=v2_3039040f71c5773a6a26e1d41a315c6a_9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086_1647958790_1647958790_CIi3jgYQktQ_GISm_o_7LyABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjb_5X0ga2ul6YBcAA&ri=395c0fb252222fdf950f8d63248571be&appname=&cdb=&gdprApplies=true&rid=&sii=2055554289249226850&oee=true&tpubid=1042962&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=NW&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1003147&prcnt=&layer=&normp=1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b6959badc42ed321f3170a8518f312b7ca475edb34a8fef12c3a51865d2af955

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
access-control-allow-origin
https://www.threatminer.org
machineid
1483
x-cache
MISS
xvid-debug
mrmr - :
x-served-by
cache-hhn4027-HHN
pragma
no-cache
server
nginx
x-timer
S1647958791.470786,VS0,VE19
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
expires
Sat, 26 Jul 1997 05:00:00 GMT
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
link
<https://am-wf.taboola.com>; rel=preconnect
x-cache-hits
0
userx.20220319-2-RELEASE.es6.js
cdn.taboola.com/libtrc/ Frame 725C
17 KB
5 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/userx.20220319-2-RELEASE.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1ed4c8a8cbe31d3903b2903265b1b5df60688fb01475d5097e9bb942df8e078b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
n_pX6m1LUS0lkBZBEkRVgQcwtqg9PnE6
content-encoding
gzip
etag
"dd0f879c1435bf9eb579c7ad2dc4d0b1"
age
12
x-cache
HIT
x-amz-replication-status
PENDING
content-length
5398
x-amz-id-2
JBvgXsJiShLURWcpVCL/jOyuB65dZJE4NOZ6sU0N9P40deUKCUhNb96gUNCEb8twuBykl+Creac=
x-served-by
cache-hhn4027-HHN
last-modified
Sun, 20 Mar 2022 12:41:02 GMT
server
AmazonS3
x-timer
S1647958791.470922,VS0,VE0
date
Tue, 22 Mar 2022 14:19:51 GMT
vary
Accept-Encoding
x-amz-request-id
VJ0Q3GEHWTRBK48B
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
19
x-cache-hits
7
fix-user-id
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame 725C
0
255 B
Image
General
Full URL
https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/fix-user-id?lti=deflated&ri=395c0fb252222fdf950f8d63248571be&sd=v2_3039040f71c5773a6a26e1d41a315c6a_9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086_1647958790_1647958790_CIi3jgYQktQ_GISm_o_7LyABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjb_5X0ga2ul6YBcAA&ui=9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086&pi=/sample.php&wi=2055554289249226850&pt=text&vi=1647958790916&time=1647958791458&fromUser=3d096272-be93-45f5-80ec-523e23651b93-tuct9336086&toUser=9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086&fromSD=v2_846cdb928307a530268cf84e1e7c12f1_3d096272-be93-45f5-80ec-523e23651b93-tuct9336086_1647958790_1647958790_CIi3jgYQktQ_GISm_o_7LyABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjb_5X0ga2ul6YBcAA&toSD=v2_3039040f71c5773a6a26e1d41a315c6a_9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086_1647958790_1647958790_CIi3jgYQktQ_GISm_o_7LyABKAEwODib4wlAiIoQSKW02QNQouwQWABgAGjb_5X0ga2ul6YBcAA&tim=14%3A19%3A51.458&id=1903&llvl=2&cv=20220319-2-RELEASE&
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
9
pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish
server
nginx
x-timer
S1647958791.471010,VS0,VE9
x-served-by
cache-hhn4027-HHN
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
tbp
15.taboola.com/ Frame 548E
6 KB
2 KB
XHR
General
Full URL
https://15.taboola.com/tbp?oid=15&pubid=166277&tagid=948107&pstn=[pstn]&cb=[cb]&callback=TRC.pVideoCallbacks.videoCallback1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c39babc5b1ebc44eacdc9a8033fcacb34a85a83e5b2f5e2d3f54d58b8d61042a

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
access-control-allow-origin
https://www.threatminer.org
machineid
1442
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4027-HHN
pragma
no-cache
server
nginx
x-timer
S1647958791.477146,VS0,VE18
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 26 Jul 1997 05:00:00 GMT
fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
538285
edge-cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
182
expiration
expiry-date="Thu, 14 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
content-length
11244
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Mon, 14 Mar 2022 14:24:14 GMT
server
nginx
x-timer
S1647958791.478714,VS0,VE0
etag
"db036f3de24fd53ed87df577a05b01c0"
x-served-by
cache-bwi5029-BWI, cache-iad-kcgs7200058-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 348
tbp
15.taboola.com/ Frame 548E
6 KB
2 KB
XHR
General
Full URL
https://15.taboola.com/tbp?oid=15&pubid=166277&tagid=948107&pstn=[pstn]&cb=[cb]&callback=TRC.pVideoCallbacks.videoCallback2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ca90f71c66820cf27d476f06d5847dbeaf652586e5d612ab0f787fa1cea9fee5

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
access-control-allow-origin
https://www.threatminer.org
machineid
1424
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4027-HHN
pragma
no-cache
server
nginx
x-timer
S1647958791.478352,VS0,VE21
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 26 Jul 1997 05:00:00 GMT
963b2bd78ec4af37edcfda9a372ce867.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
5 KB
6 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7b0c413bcb3674fc6edd5efdd7942e521fccae2795c7573a3285d8cb6c28fcbb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
870963
edge-cache-tag
500528341747144064097578862576342679755,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
500528341747144064097578862576342679755,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
112
expiration
expiry-date="Thu, 24 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
content-length
5536
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified
Mon, 21 Feb 2022 12:04:14 GMT
server
nginx
x-timer
S1647958791.478628,VS0,VE0
etag
"0e6d7a96188bd3fafd26c17d9f8d364d"
x-served-by
cache-bwi5075-BWI, cache-iad-kcgs7200176-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 2
75af26290d1c422fa1348137bc6a4b68.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
13 KB
14 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/75af26290d1c422fa1348137bc6a4b68.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bb6fe6ea51772638f8c2a04593fa4ee92717aa3d899c2def04b8509c50975e3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1832045
edge-cache-tag
419649402235686168963062171367090614525,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
419649402235686168963062171367090614525,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
224
expiration
expiry-date="Thu, 31 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/75af26290d1c422fa1348137bc6a4b68.jpg
content-length
13410
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified
Mon, 28 Feb 2022 13:55:56 GMT
server
nginx
x-timer
S1647958791.478934,VS0,VE0
etag
"f01cf5dde89f9c09245b94dcab16040e"
x-served-by
cache-bwi5032-BWI, cache-iad-kcgs7200115-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 2
tbp
15.taboola.com/ Frame 548E
6 KB
3 KB
XHR
General
Full URL
https://15.taboola.com/tbp?oid=15&pubid=166277&tagid=948107&pstn=[pstn]&cb=[cb]&callback=TRC.pVideoCallbacks.videoCallback3
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
23d73e82db2eacc7b04298fa1be270e911f33c8b5289f29b3293c1676ad5b40d

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
access-control-allow-origin
https://www.threatminer.org
machineid
1450
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4027-HHN
pragma
no-cache
server
nginx
x-timer
S1647958791.479133,VS0,VE56
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 26 Jul 1997 05:00:00 GMT
5caf2e65bec1862417560f766e3017ed.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
29 KB
30 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69d3945a8d076a254a46eacaee06ae6cf7db0306c8727fd7c451f23c3a2b26ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
1
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1203153
edge-cache-tag
473510749030488951307065470310466400699,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
473510749030488951307065470310466400699,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
183
expiration
expiry-date="Sat, 12 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
content-length
29726
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified
Wed, 09 Feb 2022 05:23:19 GMT
server
nginx
x-timer
S1647958791.479364,VS0,VE1
etag
"0a4c867f6f6dfd844a117a9a44931b11"
x-served-by
cache-bwi5036-BWI, cache-iad-kiad7000038-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 1
0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f20c78edf350544b354f8245729db4c74f21682d2f6669114bee39346548129

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
608261
edge-cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
74
expiration
expiry-date="Fri, 25 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
content-length
11558
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified
Tue, 22 Feb 2022 13:50:40 GMT
server
nginx
x-timer
S1647958791.479484,VS0,VE0
etag
"2aa5151ffa488025232882f76c221d7f"
x-served-by
cache-wdc5557-WDC, cache-iad-kjyo7100079-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 2
c550b5c61cbb034102b1b0820278e4d1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
17 KB
18 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9bc50e346a5772ba1724948a53082df46c70edc300a38b75f61e8cb203f0a8cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
1
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
441819
edge-cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
91
expiration
expiry-date="Sun, 10 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
content-length
17428
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified
Thu, 10 Mar 2022 14:24:16 GMT
server
nginx
x-timer
S1647958792.505920,VS0,VE1
etag
"2dcfc655599e7b3d92e07a7aae9e1d3f"
x-served-by
cache-wdc5542-WDC, cache-iad-kcgs7200148-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 1
event.gif
referrer.disqus.com/juggler/ Frame C7EA
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=310&event=init_embed&thread=9083326875&forum=threatminer&forum_id=5993718&imp=7bq4ppt1ccv6l3&thread_slug=56e008e903a7e3a3b98e19f313435afe_malware_analysis_results_threatminerorg&user_type=anon&referrer=https%3A%2F%2Fwww.threatminer.org%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=56e008e903a7e3a3b98e19f313435afe&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&t_d=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=56e008e903a7e3a3b98e19f313435afe%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
vidice.js
resources.infolinks.com/js/vidice/2.0/
333 KB
86 KB
Script
General
Full URL
https://resources.infolinks.com/js/vidice/2.0/vidice.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1789.003-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2bdac211f43fbee9eeb4d50f8755206599f76296cd15316a97c9d2cb2050d2f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cf-ray
6eff908f0a469978-FRA
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Tue, 25 Jan 2022 09:20:02 GMT
server
cloudflare
age
8613
etag
W/"5344d-5d6649709d511"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Thu, 21 Apr 2022 11:56:18 GMT
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame A53A
337 B
839 B
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12078882
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
LPVxsAqPvZVWSvfKaAJjxRGCaRjEDY_m-QeXUST6I-EJmt_KyIsa2Q==
x-cache-hits
0
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame C32F
337 B
838 B
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12078882
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
timing-allow-origin
*
x-amz-cf-id
4aLhd1ED67vIRgAO9FJ1NtLnLUswMSYub-MH-kqgpXVU6o5LPT8JfQ==
x-cache-hits
0
async-ads.js
cse.google.com/adsense/search/ Frame 2FCE
136 KB
50 KB
Script
General
Full URL
https://cse.google.com/adsense/search/async-ads.js?pac=0
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse_v2/ads?adsafe=low&pcsa=true&cx=009665096751685288782%3Ao6_z_tmwsge&client=google-coop&q=56e008e903a7e3a3b98e19f313435afe&r=m&hl=en&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300842%2C17300953%2C17300955&format=p4&ad=p4&nocache=5101647958791233&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1647958791234&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=3840&frm=0&uio=-&qup=1&jsid=csa&jsv=12411&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%23gsc.tab%3D0%26gsc.q%3D56e008e903a7e3a3b98e19f313435afe%26gsc.page%3D1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26b455d05301acda19c24cf35fa5aec0945bf50244421d00678502a785d33393
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://cse.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"12222482082425325471"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:51 GMT
fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
1
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
538285
edge-cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
182
expiration
expiry-date="Thu, 14 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
content-length
11244
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Mon, 14 Mar 2022 14:24:14 GMT
server
nginx
x-timer
S1647958792.602407,VS0,VE1
etag
"db036f3de24fd53ed87df577a05b01c0"
x-served-by
cache-bwi5029-BWI, cache-iad-kcgs7200058-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 349
tbp
15.taboola.com/ Frame 725C
6 KB
3 KB
XHR
General
Full URL
https://15.taboola.com/tbp?oid=15&pubid=166277&tagid=948107&pstn=[pstn]&cb=[cb]&callback=TRC.pVideoCallbacks.videoCallback1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
497784962396c3e6376fbec9dbde4406909d5dead68a80102ef8773286575e13

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
access-control-allow-origin
https://www.threatminer.org
machineid
1450
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4027-HHN
pragma
no-cache
server
nginx
x-timer
S1647958792.602616,VS0,VE20
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
via
1.1 varnish
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 26 Jul 1997 05:00:00 GMT
0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f20c78edf350544b354f8245729db4c74f21682d2f6669114bee39346548129

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
608261
edge-cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
74
expiration
expiry-date="Fri, 25 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
content-length
11558
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified
Tue, 22 Feb 2022 13:50:40 GMT
server
nginx
x-timer
S1647958792.602733,VS0,VE0
etag
"2aa5151ffa488025232882f76c221d7f"
x-served-by
cache-wdc5557-WDC, cache-iad-kjyo7100079-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 3
656985b9ca98e7cefd482c216e06d904.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
15 KB
15 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/656985b9ca98e7cefd482c216e06d904.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
54b76b9b87735b56615ee85736257872299a9badb32e1d31ed70f3f26a954158

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
352271
edge-cache-tag
382912112058323714276555655145386039340,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
382912112058323714276555655145386039340,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-ratelimit-remaining
99
x-envoy-upstream-service-time
557
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/656985b9ca98e7cefd482c216e06d904.jpg
content-length
14866
x-request-id
71bfd54751c2eca843618d03f7c4b39a
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified
Fri, 18 Mar 2022 09:50:14 GMT
server
nginx
x-timer
S1647958792.603067,VS0,VE0
etag
"2f4fcda005b77359128f8ab0936527c0"
x-served-by
cache-bwi5040-BWI, cache-iad-kjyo7100073-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 5
9cfa6bf5722188232a1b458cb54c7194.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
17 KB
18 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9cfa6bf5722188232a1b458cb54c7194.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7bbd6a2a9e83ef6984e0fc21ad571691780777e0b4b894daf3455748e117554f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
1
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1217884
edge-cache-tag
384909009795398178221486296188876000720,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
384909009795398178221486296188876000720,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
159
expiration
expiry-date="Fri, 11 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9cfa6bf5722188232a1b458cb54c7194.jpg
content-length
17894
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Tue, 08 Feb 2022 08:42:25 GMT
server
nginx
x-timer
S1647958792.603460,VS0,VE1
etag
"37d4fa0f500eafb5b79a28704499fb87"
x-served-by
cache-wdc5554-WDC, cache-iad-kiad7000067-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 1
9ccfc93598d017fc15b5ace2c90ac805.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
15 KB
15 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ccfc93598d017fc15b5ace2c90ac805.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1a1fda99cdd8bbe705bc66a681a248975154bee13fb350978472fa20b0f513be

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
1
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
521747
edge-cache-tag
302852673209151404540504392374238792536,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
302852673209151404540504392374238792536,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
200
expiration
expiry-date="Thu, 17 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ccfc93598d017fc15b5ace2c90ac805.png
content-length
14860
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified
Mon, 14 Feb 2022 10:34:36 GMT
server
nginx
x-timer
S1647958792.603614,VS0,VE1
etag
"bb612a9315d390adb08b81b9099bd5eb"
x-served-by
cache-wdc5556-WDC, cache-iad-kjyo7100038-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 1
c550b5c61cbb034102b1b0820278e4d1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
17 KB
18 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9bc50e346a5772ba1724948a53082df46c70edc300a38b75f61e8cb203f0a8cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
441819
edge-cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
91
expiration
expiry-date="Sun, 10 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
content-length
17428
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified
Thu, 10 Mar 2022 14:24:16 GMT
server
nginx
x-timer
S1647958792.603883,VS0,VE0
etag
"2dcfc655599e7b3d92e07a7aae9e1d3f"
x-served-by
cache-wdc5542-WDC, cache-iad-kcgs7200148-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 2
357ddf017e7a016913d2a99816a96520.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
9 KB
10 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/357ddf017e7a016913d2a99816a96520.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bb35c990687adce309473f322847f1ed00df5d747b878d1c1fb17ed08bb4c6d2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1835692
edge-cache-tag
331637262338431415085098021364481681079,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
331637262338431415085098021364481681079,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
98
x-envoy-upstream-service-time
36
expiration
expiry-date="Thu, 03 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/357ddf017e7a016913d2a99816a96520.png
content-length
9512
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified
Mon, 31 Jan 2022 10:51:26 GMT
server
nginx
x-timer
S1647958792.618717,VS0,VE0
etag
"87446e6c385ef4aea9b830a03e955e15"
x-served-by
cache-wdc5565-WDC, cache-iad-kjyo7100074-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 3
j5FK-xqV
pbs.twimg.com/card_img/1503869678833311745/ Frame 6ACC
24 KB
24 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1503869678833311745/j5FK-xqV?format=png&name=800x419
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67A7) /
Resource Hash
f1a5c62afaf2fe49a1885b10bc57bd0b1b14a59d9939bc0c4f9c8f4bad6ab6ef
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
572559
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
content-length
24299
x-response-time
248
surrogate-key
card_img card_img/bucket/2 card_img/1503869678833311745
last-modified
Tue, 15 Mar 2022 23:02:06 GMT
server
ECS (frb/67A7)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
9800fad6bb6344ffe5b35eea87f64a1006f082d5094aa3c6c6b344c448253180
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
D6y9Dw7p
pbs.twimg.com/card_img/1503936083049996291/ Frame 6ACC
22 KB
22 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1503936083049996291/D6y9Dw7p?format=png&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
f6a8ee66594aca8034752c88745d4ab5c134408b2e0413e05477c176b111d0d5
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
347346
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
content-length
22774
x-response-time
235
surrogate-key
card_img card_img/bucket/5 card_img/1503936083049996291
last-modified
Wed, 16 Mar 2022 03:25:58 GMT
server
ECS (frb/67E2)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
1c3f6a5d9ebc80bf701e7319b88f969188330c46220368e20d3b1a85cbef19e0
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
U3kEKLCW
pbs.twimg.com/card_img/1506243389796532226/ Frame 6ACC
27 KB
27 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1506243389796532226/U3kEKLCW?format=png&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
106f36a58408c097b1febcc9f0fe8fdf3dc79fb29b120f06e2172dcc1ac0c921
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
7131
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
27527
x-response-time
252
surrogate-key
card_img card_img/bucket/7 card_img/1506243389796532226
last-modified
Tue, 22 Mar 2022 12:14:23 GMT
server
ECS (frb/6760)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
155fcce919e27dada1474ce94695e91d6675dc9b38efb4e94b6b7588fa12390f
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
gXNXeni9
pbs.twimg.com/card_img/1504217905516318724/ Frame 6ACC
46 KB
46 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1504217905516318724/gXNXeni9?format=jpg&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
7be5f63793eef79dfde6edc1d8e29918e831ac49766cdc8f03960efd1550fa74
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
489128
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
46803
x-response-time
262
surrogate-key
card_img card_img/bucket/5 card_img/1504217905516318724
last-modified
Wed, 16 Mar 2022 22:05:50 GMT
server
ECS (frb/668A)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
42819c73ee507d1d88ac8da4ee93694fe498c5e2dfe41806aba36dda53eea4a3
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
1f448.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
422 B
495 B
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f448.png
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F5D) /
Resource Hash
4dc8736a1f88ba8b83372678be7d33ec790a58f91125c1794c65219d533e891a
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
20066603
x-ton-expected-size
422
x-cache
HIT
content-length
422
x-response-time
11
surrogate-key
twitter-assets
last-modified
Wed, 21 Feb 2018 22:28:34 GMT
server
ECAcc (frc/8F5D)
etag
"D3w7G3cLTZqaQU3X/K27SA=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
83b3b78cc1ee574c20cda106fac3e6e861c7431fb6281763a45ffdaec6140aa6
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
0nL79tYP
pbs.twimg.com/card_img/1505046559842467840/ Frame 6ACC
15 KB
15 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1505046559842467840/0nL79tYP?format=jpg&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
95659b37ed5cee772e87828fe4a9fa0991c41a77d8920cfb2adbdd28be772799
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
289477
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
15312
x-response-time
241
surrogate-key
card_img card_img/bucket/9 card_img/1505046559842467840
last-modified
Sat, 19 Mar 2022 04:58:36 GMT
server
ECS (frb/67F3)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
ad6de20972c6a774c54464aa7c2822106aacff038b6998790a9f3b2e6cae604f
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
rizT9sQe
pbs.twimg.com/card_img/1503738367548211201/ Frame 6ACC
21 KB
21 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1503738367548211201/rizT9sQe?format=jpg&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/675D) /
Resource Hash
268dfb1131e147b12fe728c27f9e8186fa739a25a9ab7d70946d9e8d1d5b597a
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
604065
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
21586
x-response-time
265
surrogate-key
card_img card_img/bucket/5 card_img/1503738367548211201
last-modified
Tue, 15 Mar 2022 14:20:19 GMT
server
ECS (frb/675D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
cd9ea3246dbd77fdc928a145b801d8d641be4b0bd6401e017e21ca9ea259e453
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
mbx8mGDx
pbs.twimg.com/card_img/1504263718779170823/ Frame 6ACC
26 KB
26 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1504263718779170823/mbx8mGDx?format=jpg&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
edce17cae96873e2cf08323e45f8316b500e4596563b8c69b63e162250038e91
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
477763
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
26818
x-response-time
245
surrogate-key
card_img card_img/bucket/3 card_img/1504263718779170823
last-modified
Thu, 17 Mar 2022 01:07:53 GMT
server
ECS (frb/6739)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
f1d5cf86a4ac3062e7b4242386206f97bab10c239e623172000bb2d536db5263
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
1f602.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
1 KB
1 KB
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f602.png
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F20) /
Resource Hash
c252a58367211c11d839155e50dc5e98551826c64b8d2e8d6267124c054ceae0
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
25767596
x-ton-expected-size
1095
x-cache
HIT
content-length
1095
surrogate-key
twitter-assets
last-modified
Wed, 21 Feb 2018 22:30:28 GMT
server
ECAcc (frc/8F20)
etag
"CskKXLmjEnqr5kggS5rnnQ=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
7d2b3c02adf5ed28c9fb615762d414a7498ca74999e534a751eab550f53a1c59
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
1f918.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
603 B
676 B
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f918.png
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FD9) /
Resource Hash
13da23e323658067823edcbc9f6033522a57cbe4325eb72470ab93f6c77f5c38
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
25249470
x-ton-expected-size
603
x-cache
HIT
content-length
603
surrogate-key
twitter-assets
last-modified
Fri, 18 Jan 2019 20:57:56 GMT
server
ECAcc (frc/8FD9)
etag
"SabOq57Qub/blwNeQOJr5w=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
d386fa95aae0129ebb5b0d8a4a6fa226689308f114cec040b1dd6bb3532cc078
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
1f33b.png
abs.twimg.com/emoji/v2/72x72/ Frame 6ACC
835 B
907 B
Image
General
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f33b.png
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8EA8) /
Resource Hash
cec65ee7ed23f5724798c193f8570661a789c210836ee2c8cb7dd16aacbcee18
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
20758712
x-ton-expected-size
835
x-cache
HIT
content-length
835
surrogate-key
twitter-assets
last-modified
Wed, 21 Feb 2018 22:28:29 GMT
server
ECAcc (frc/8EA8)
etag
"PMtdmpls9tAhrdseUWTMCw=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
8be433950ad806b4b2bf41942bbd73b9ddfbc85d45105e5ae428a2d0a54ab56c
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Wed, 22 Mar 2023 14:19:51 GMT
jwBQNNui
pbs.twimg.com/card_img/1505224328685633537/ Frame 6ACC
24 KB
24 KB
Image
General
Full URL
https://pbs.twimg.com/card_img/1505224328685633537/jwBQNNui?format=jpg&name=600x314
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.4391e0bf4053fbaa2a022e3fad2a1e1a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
558e624c6b2b348a585985d9204bf4c76539d9b66a40f9fb0c6c23d341f5468b
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
30253
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
24904
x-response-time
293
surrogate-key
card_img card_img/bucket/4 card_img/1505224328685633537
last-modified
Sat, 19 Mar 2022 16:45:00 GMT
server
ECS (frb/668D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
bbf4510dbfa70b1d1d03eec4a886ba4f93b246388ec36e9d3223db23d27be24f
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
3UAW7s5h_normal.png
pbs.twimg.com/profile_images/653471756741685248/ Frame 6ACC
5 KB
5 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/653471756741685248/3UAW7s5h_normal.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67E2) /
Resource Hash
a98187a68b2512ba8073f68fb559db3b672ad9a36459d74af942d8bb4ed3278f
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
72520
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=3
content-length
5151
x-response-time
112
surrogate-key
profile_images profile_images/bucket/7 profile_images/653471756741685248
last-modified
Mon, 12 Oct 2015 07:24:22 GMT
server
ECS (frb/67E2)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
119ad3d5a8510897b7d1c1eec6f1eb8527eb9d1ee12065bbde96e1ff4fa05822
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
aMbi352I_normal.jpg
pbs.twimg.com/profile_images/1481284390932074499/ Frame 6ACC
3 KB
3 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1481284390932074499/aMbi352I_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674D) /
Resource Hash
5f82d10b244c0811546fce6bc98e767655bceee2b7f41c6b41aef2e630a1ace8
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
513735
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=5
content-length
2567
x-response-time
121
surrogate-key
profile_images profile_images/bucket/1 profile_images/1481284390932074499
last-modified
Wed, 12 Jan 2022 15:16:14 GMT
server
ECS (frb/674D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
a872bdc1eded72a7408842fc2202e36e0be82e405c6ab0bfba06f4873b07a532
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
5q1AbFXy_normal.jpg
pbs.twimg.com/profile_images/1346196937985433601/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1346196937985433601/5q1AbFXy_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668C) /
Resource Hash
91b4ac439a88193b25a302f46fc9a2b0c5455ca4b1f30b7406a541fbc6201200
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
542093
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
2263
x-response-time
121
surrogate-key
profile_images profile_images/bucket/0 profile_images/1346196937985433601
last-modified
Mon, 04 Jan 2021 20:46:55 GMT
server
ECS (frb/668C)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
bccf6255a5f9dc080ea62b70826584c87d89839c672cc030494eb5d12305b467
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
bMS2a9P1_normal.jpg
pbs.twimg.com/profile_images/1294860240299728897/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1294860240299728897/bMS2a9P1_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
91ccad943b75171869dacbe5c42de58887b92a1d9fbc567651ade87e7193984d
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
456707
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
1883
x-response-time
110
surrogate-key
profile_images profile_images/bucket/5 profile_images/1294860240299728897
last-modified
Sun, 16 Aug 2020 04:53:13 GMT
server
ECS (frb/6760)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
4dc3b0a7191fd01e7cbbc1c5b0a53c6cb9256d80f395064e6ab22f4754c864db
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
XHt2EJFn_normal.jpg
pbs.twimg.com/profile_images/753748648085848065/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/753748648085848065/XHt2EJFn_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6776) /
Resource Hash
5a7b3090bd9f8835e6add21f9c4e519a19af8fcedb40d3e9488d0e5e23a2fe36
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
6536
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
1807
x-response-time
121
surrogate-key
profile_images profile_images/bucket/0 profile_images/753748648085848065
last-modified
Fri, 15 Jul 2016 00:28:56 GMT
server
ECS (frb/6776)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
26e1dad061831a0ee3e975de528c3cd822ea887343a7406103191014f3052684
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
xWoK6KuP_normal.jpg
pbs.twimg.com/profile_images/1463883343079088138/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1463883343079088138/xWoK6KuP_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
70f157c3fb7e1d05c83d4f8f269d9c6b67203e37863329eefc5202b97af308cc
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
425077
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
2035
x-response-time
111
surrogate-key
profile_images profile_images/bucket/3 profile_images/1463883343079088138
last-modified
Thu, 25 Nov 2021 14:50:41 GMT
server
ECS (frb/668D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
955c999198b524328c98afd7924f666b5f2349965eb156a830542a7e49f60f30
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
5MAHUhST_normal.jpg
pbs.twimg.com/profile_images/1367943482053115905/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1367943482053115905/5MAHUhST_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
28350b1ee2c38c7a5eb134d520dedd01ab578d81c2ebe814e63e5d212c6ab1f1
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
262085
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
2111
x-response-time
110
surrogate-key
profile_images profile_images/bucket/0 profile_images/1367943482053115905
last-modified
Fri, 05 Mar 2021 20:59:55 GMT
server
ECS (frb/668D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
4367e535b09b68817981f796bff111b72af2ec5872239ab42c79e4a09a8ad863
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
Zpfst2wh_normal.jpg
pbs.twimg.com/profile_images/1165118373585403904/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1165118373585403904/Zpfst2wh_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
999a740fc678f340320d75cf6083acc26c1d005b81d6819cc3af4598b328d503
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
157188
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
1959
x-response-time
109
surrogate-key
profile_images profile_images/bucket/6 profile_images/1165118373585403904
last-modified
Sat, 24 Aug 2019 04:25:21 GMT
server
ECS (frb/668A)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
0b105fe4a1d6a28e8681c45b6123bb0e09513af1edb6ab54eecdabee7ae6d079
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
0YdvRUp3_normal.jpg
pbs.twimg.com/profile_images/1233771657581547523/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/1233771657581547523/0YdvRUp3_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668A) /
Resource Hash
1de1b94f2eb27f99f30e3a3afdfc9db5333cca95520d2342b73ee5db60fd8bae
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
493199
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
1959
x-response-time
107
surrogate-key
profile_images profile_images/bucket/0 profile_images/1233771657581547523
last-modified
Sat, 29 Feb 2020 15:09:00 GMT
server
ECS (frb/668A)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
347ce7e9ff2ea827cb390a2d0553a30252600c6e03f309fe53de91d8c4285da3
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
PpXyevIF_normal.jpg
pbs.twimg.com/profile_images/817871248063610881/ Frame 6ACC
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/817871248063610881/PpXyevIF_normal.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
605eefd6f113ffc50e197d237861a4fbfefc52a781370ed5ad047e2e32632091
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
486607
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
1883
x-response-time
110
surrogate-key
profile_images profile_images/bucket/9 profile_images/817871248063610881
last-modified
Sat, 07 Jan 2017 23:09:15 GMT
server
ECS (frb/674C)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
34d7b04352a988fff6163ce229ca2f4d8f888b99dcdcd99068ca478484f76f47
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
E520b31VIAMiSRo
pbs.twimg.com/media/ Frame 6ACC
37 KB
38 KB
Image
General
Full URL
https://pbs.twimg.com/media/E520b31VIAMiSRo?format=jpg&name=small
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BE) /
Resource Hash
bdb581fa06f3f03a95aabe175a9d30c381faaf15cc34c35a0ff4c5cc13c45f48
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
102380
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
38316
x-response-time
124
surrogate-key
media media/bucket/3 media/1413484249001304067
last-modified
Fri, 09 Jul 2021 13:02:40 GMT
server
ECS (frb/67BE)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
30299f5a8cd8ca48a3228ed1de7234ed853e4e8d2e607cb43ed65f0fccd14277
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
EJQs_KmUcAAujwA
pbs.twimg.com/media/ Frame 6ACC
31 KB
31 KB
Image
General
Full URL
https://pbs.twimg.com/media/EJQs_KmUcAAujwA?format=jpg&name=small
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BD) /
Resource Hash
058b7f33a61ef0de50995d1e74f6d171f0923c3305824a47bf588c6c4cf2fd8a
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
234348
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=3
content-length
31653
x-response-time
112
surrogate-key
media media/bucket/9 media/1194629264848482304
last-modified
Wed, 13 Nov 2019 14:51:06 GMT
server
ECS (frb/67BD)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
9dbb545370d2c3342e6be4b1eaef85a0fcab15a11df8fe94635a07787fa7dbcd
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
D2wzfrBX4AEGE9H
pbs.twimg.com/tweet_video_thumb/ Frame 6ACC
3 KB
3 KB
Image
General
Full URL
https://pbs.twimg.com/tweet_video_thumb/D2wzfrBX4AEGE9H?format=jpg&name=small
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C0) /
Resource Hash
3d56f2bc68d9d190a05df1dc24bd2653eaff3c20660fa4e8b4fda71ebd8ada64
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
456249
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
3024
x-response-time
109
surrogate-key
tweet_video_thumb tweet_video_thumb/bucket/1 tweet_video_thumb/1111319827271114753
last-modified
Thu, 28 Mar 2019 17:29:08 GMT
server
ECS (frb/67C0)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
5f01f82c395d24254e8cb56df1d4fbb9182dad2a7c0e9285b870da31d5eb3aa9
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
D1ErO9GW0AQ_Cn_
pbs.twimg.com/tweet_video_thumb/ Frame 6ACC
4 KB
4 KB
Image
General
Full URL
https://pbs.twimg.com/tweet_video_thumb/D1ErO9GW0AQ_Cn_?format=jpg&name=small
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/669F) /
Resource Hash
0df35dc4906a0b5425ab3e2dd3e7b4aee3c01734f8966c3f38aade193df6bbca
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
231877
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
4144
x-response-time
113
surrogate-key
tweet_video_thumb tweet_video_thumb/bucket/9 tweet_video_thumb/1103710919601868804
last-modified
Thu, 07 Mar 2019 17:34:03 GMT
server
ECS (frb/669F)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
b901f77e961b9883a27d064df857dd21e6a7a54e05ee33bcc05cf8906d45119c
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
D05-zlYXgAUGuMn
pbs.twimg.com/media/ Frame 6ACC
43 KB
43 KB
Image
General
Full URL
https://pbs.twimg.com/media/D05-zlYXgAUGuMn?format=jpg&name=small
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
4a2266339c6f702080a356cb4823f95f42dfb25eb49dc3b5f6d56711761379a6
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
x-content-type-options
nosniff
age
345713
x-cache
HIT
server-timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
content-length
43575
x-response-time
110
surrogate-key
media media/bucket/5 media/1102958383425093637
last-modified
Tue, 05 Mar 2019 15:43:45 GMT
server
ECS (frb/6760)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ, VZ"
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
1ea6e35d02e3fbf20a8807e7e172223495c0f924d8494e5c51f6c62c6566ab11
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 6ACC
44 KB
7 KB
Stylesheet
General
Full URL
https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC6) /
Resource Hash
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
442299
x-ton-expected-size
45170
x-cache
HIT
vary
Accept-Encoding
content-length
6839
x-response-time
6
surrogate-key
tfw
last-modified
Tue, 14 May 2019 18:53:54 GMT
server
ECAcc (frc/8FC6)
etag
"4mhImCFS9rptiUICNnLD1g=="
strict-transport-security
max-age=631138519
content-type
text/css
access-control-allow-origin
*
x-connection-hash
f2d71a88dc5e2516ed6eb8b6e7ac7b5ce3a09eb5474e23db12934ea2374fa4cf
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Tue, 29 Mar 2022 14:19:51 GMT
syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/
44 KB
44 KB
Image
General
Full URL
https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC6) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
442299
x-ton-expected-size
45170
x-cache
HIT
vary
Accept-Encoding
content-length
6839
x-response-time
6
surrogate-key
tfw
last-modified
Tue, 14 May 2019 18:53:54 GMT
server
ECAcc (frc/8FC6)
etag
"4mhImCFS9rptiUICNnLD1g=="
strict-transport-security
max-age=631138519
content-type
text/css
access-control-allow-origin
*
x-connection-hash
f2d71a88dc5e2516ed6eb8b6e7ac7b5ce3a09eb5474e23db12934ea2374fa4cf
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Tue, 29 Mar 2022 14:19:51 GMT
svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame C7EA
13 KB
13 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:8600:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 28 Apr 2021 14:37:41 GMT
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
28338130
x-cache
Hit from cloudfront
content-length
13079
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Tue, 27 Apr 2021 21:01:56 GMT
server
nginx
etag
"60887bc4-3317"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
expires
Thu, 28 Apr 2022 14:37:41 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
HGcEgx_l9uDENXSCMZURSWSSxg3oB0igTwPRUuqGthhTYYHQEFIc_Q==
x-cache-hits
0
UnitWidgetItemDesktop.min.js
vidstat.taboola.com/lite-unit/1.4.0/ Frame 725C
79 KB
24 KB
Script
General
Full URL
https://vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront), 1.1 varnish
age
483575
x-cache
Hit from cloudfront, HIT
content-encoding
gzip
content-length
23743
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 31 Mar 2020 13:14:35 GMT
server
AmazonS3
x-timer
S1647958792.647534,VS0,VE0
etag
"b683c290896a82c974838a04b4ea4aff"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
WiS0fh_cXILKTu8bUdrsdhq5IsQD6YXsCWXO_RK6jQQzsgdiU8eYFQ==
x-cache-hits
270
privacy_small.svg
static.criteo.net/flash/icon/ Frame E41A
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:51 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame E41A
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:51 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame E41A
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Fri, 17 Mar 2023 14:19:51 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame E41A
507 B
835 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Fri, 17 Mar 2023 14:19:51 GMT
m
secure-gl.imrworldwide.com/cgi-bin/ Frame E41A
0
689 B
Image
General
Full URL
https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1647958790
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C1
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
x-cache
Miss from cloudfront
accept-ch
Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length
0
x-amz-cf-id
gS_az918DB0vbI3YAMhmBijmfWd4KP5TUAE_ioRylHmLiFWPVPtMbg==
expires
Thu, 01 Dec 1994 16:00:00 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame E41A
43 B
347 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=Glv0I6Igar3PdS5R9BM-mVDRxQUzfvsojaNaFOw7H9Y1kF8kNSB-BVDpvCQSMuIbeBWhO4ZUAIN8KTI2wB7XSAhEYnnCQ-rCzhId68q2r5PfTBdlxlGjAEOmjjUqItqTNxBMNCBuVO425Iq2ZTo0klRDBrDUvwnSqBSyIbAwo8qD-sF4MxzMZhMjV6YZszQ4xUp-vMY4yPsmdT_gHstpRcv5Bp3vnjGhuiTcd1CtVuFS8bu3pI2fZZUWHd-Nd2ko4EOjDWfRlba8GAqBUfxh2cni2nWnucFH8-PN4KUCsg8PuOHB_VVWWhHY6p9w-khEGKUcnHHluwc1vHwkBn0QmzyfFtR_SJawdu8l8QA1mRl9VZ2qLEGlUqX0A5gJOqnYkUFk7nUgj00W3fJGxoXOozILJOuLLraa9UbQfdhsiMJaNKrwWD4opRarGOALAj1GOE2Pfw
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3232579
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
event.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=7bq4ppt1ccv6l3&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=threatminer&zone=thread&version=31cd6fbd4797db790bc183cea2909ab5&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%23gsc.tab%3D0%26gsc.q%3D56e008e903a7e3a3b98e19f313435afe%26gsc.page%3D1&page_referrer=&object_type=advertisement&provider=taboola&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5993718
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
event.gif
referrer.disqus.com/juggler/
43 B
339 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?imp=7bq4ppt1ccv6l3&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=31cd6fbd4797db790bc183cea2909ab5&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe%23gsc.tab%3D0%26gsc.q%3D56e008e903a7e3a3b98e19f313435afe%26gsc.page%3D1&page_referrer=&object_type=advertisement&provider=taboola&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5993718
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Tue, 22 Mar 2022 14:19:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012203150226000/ Frame 85FF
222 KB
62 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76165
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62084
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"fa1474a6dd6481f4"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 85FF
16 KB
6 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76165
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5728
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d91e62368f79b48d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 85FF
96 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76165
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29618
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9a9baa9802fa29d2"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-animation-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 85FF
74 KB
17 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-animation-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
513db1539e2636a80095ea5400aba7f55aa44b4d78eb0440cc87b6d693cf6090
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76165
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17308
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9e7f38e1fe946943"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 85FF
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76165
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1900
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"3393210d007db9ca"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 85FF
42 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76165
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13669
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"565eca32a909292d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 85FF
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 09:41:38 GMT
x-content-type-options
nosniff
server
cafe
age
16693
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Wed, 23 Mar 2022 09:41:38 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 85FF
295 B
319 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 09:53:05 GMT
x-content-type-options
nosniff
server
cafe
age
16006
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 23 Mar 2022 09:53:05 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 85FF
0
17 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CMK5kBts5Yt3MLY_YYoeGvPgF2KqG0Gi09Imojw2pv8KEihsQASDVs65tYJXikIKgB6AB9NrMmQPIAQmpAlgs9FEUcrI-qAMByAMIqgTwAU_Qi0DX8CVJjotKMxBNoCeOQUwgFHmwu3L6x234CHsF4D0DAVKXY7UY37RME-KckfvUMVuGZBTysTw9DX7trFN49-iGdOskv4cSbxnDC0QQcEaBSU-NSur5GjEKEWj4hAhM4PrCeriCfoyfbRAJ9K3oppp09LcVIMjr3vSBVoF5obYc6aqQAyD8MupiMSGCTVgGwQncBlCzazjR8sVXibTmzHEy6sBRwF076AireVhVJPsJSM4a_7WqLmM1V0LZPoSy-H_HDpx19C-QAxoG8Pwn9xJbA-MwAeecbu5bGVouUcBr4KFhnZEZDLnt0ppD9sAE_f6_iIkDkgUECAQYAZIFBAgFGASgBi6AB_Sks2aoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBD-sQ3SCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=9KjkR1E8CRQ&uach_m=[UACH]&template_id=419
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1647958790&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790502&bpp=1&bdt=389&idt=164&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=RoA7beqqPT&p=https%3A//www.threatminer.org&dtd=166
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
privacy_small.svg
static.criteo.net/flash/icon/ Frame 648B
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:51 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 648B
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:51 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 648B
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Fri, 17 Mar 2023 14:19:51 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame 648B
507 B
835 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Fri, 17 Mar 2023 14:19:51 GMT
m
secure-gl.imrworldwide.com/cgi-bin/ Frame 648B
0
690 B
Image
General
Full URL
https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1647958791
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C1
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
x-cache
Miss from cloudfront
accept-ch
Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length
0
x-amz-cf-id
TUigXb10CyKsDgjYEHdcYFoWcnmjNHGXddPOmi1T0XZPBZTj64BOEQ==
expires
Thu, 01 Dec 1994 16:00:00 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 648B
43 B
348 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=MMSme6Igar3PdS5R9BM-mVDRxQUxDT5lxTz3mCGhBxW2zoh1_1U0sTGqg7CO6Zm7h0cmDXmIKG7mmxYErP5ZH9N39z_3oRuG_CMzo6saF9-Ut1Q0WMZVZtwlxeI2UeX7zK9znSsBmMgSuLTFtTiKoLy-qGO0cKOS9KHbjiarY2jsY4Oul8NuOmyKEMy0RMZvqA8KaJ3R09-YZ-ybYR4llDEFRUxA-SjpmbkUJYYda0-GNeRWgray5tlW-yWpi4w9n5umKhO4dX39Wkg1EgtU3jeeEXgh7-hilsv-wDP-TTzMz9y1HaiiTnK20JZyfzV5ySzkKihPT2oBuYqO4tpZ1dHKVN_ijhbUyzDrsgPQAyALBdzqyzwaHAZu3hNr5cOfgP3RdSy_cWvgqBKcTTa179HfIYiwZH_alfkloFuNeihMKTZMT_cAWGqwOYC4ezgkrcN2Tw
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3067258
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
privacy_small.svg
static.criteo.net/flash/icon/ Frame 24A7
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:51 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 24A7
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:51 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 24A7
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Fri, 17 Mar 2023 14:19:51 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame 24A7
507 B
835 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Fri, 17 Mar 2023 14:19:51 GMT
m
secure-gl.imrworldwide.com/cgi-bin/ Frame 24A7
0
690 B
Image
General
Full URL
https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1647958791
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:c00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C1
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
x-cache
Miss from cloudfront
accept-ch
Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length
0
x-amz-cf-id
MrUyowzL8QDX1pJK0Njabxwkt0XNdenq_r_nRHBuBAUUJHOToP8FDw==
expires
Thu, 01 Dec 1994 16:00:00 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 24A7
43 B
347 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=fIYejaIgar3PdS5R9BM-mVDRxQXfUWTiYs8i5Lu3E7DKYYrFeGfpHO8gYn7l6_z0vwQBrMvCZ_NXjiDJP_ZurPwUolyAyT2MhO3eM4OrndcYBK6qtjFGDGAVJ8ysHpVoF3SpZJx8VRLZ7iMYtXjLGb3DbDmHYNdeOxOUHBIp40DEzV_Kzue96JODjB9Ufl_QpONFwgmuzc-U2JbZpAVM40lV9tMudoMvK5G_buCzVZ-YRurR-z-svGLwNvcuG8GbK8VHVLIgxTuPAAu0v0atBYu80yeKWq08ZovMiOIA2tydE--dXAHj95eoSnOEFWvanPJSlLzidpmOfuLZqO2TActPRCJjijJxE7tzFSx1KbgRIXjFIQKupXmC6kfwg29Qwe9gxns4L8LL8DIy58nhMbKLtQyRuImReOW3UbWlB7KNPP0fMqm0pSwUUnCfeUP7VhCabw
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:51 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3304323
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
UnitWidgetItemDesktop.min.js
vidstat.taboola.com/lite-unit/1.4.0/ Frame 548E
79 KB
23 KB
Script
General
Full URL
https://vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront), 1.1 varnish
age
483575
x-cache
Hit from cloudfront, HIT
content-encoding
gzip
content-length
23743
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 31 Mar 2020 13:14:35 GMT
server
AmazonS3
x-timer
S1647958792.696544,VS0,VE0
etag
"b683c290896a82c974838a04b4ea4aff"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
WiS0fh_cXILKTu8bUdrsdhq5IsQD6YXsCWXO_RK6jQQzsgdiU8eYFQ==
x-cache-hits
271
truncated
/ Frame 06F3
220 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef2e787c889ef3a99f9115a673a38a8f14b8ce4f4a8a685f7610c0120a81865c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E2E7
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3c40772a7d96d171b5675d99dae36bfd06e41272fdfdb9e7aa583802b3211532

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 7115
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
622165818dbe4d9b4ba1d82a9da69ce79204e89ca9cbb27cff3e7b4f40384509

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
cdn.viglink.com/images/
43 B
429 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=1&rn=0.7712800366965598
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
age
5
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=15, must-revalidate
content-length
43
accept-ranges
bytes
cf-ray
6eff9090ba2f92b7-FRA
x-amz-request-id
5Y8DEP40R83Z5TW1
x-amz-id-2
q+q6L5Q5WPKQda0KCc3L1vncGqKk2r7484yO3hyEHY4pPJaZmZ1nUmH11Lkw9k2GvBtX+X4I3qY=
pixel.gif
cdn.viglink.com/images/
43 B
102 B
Image
General
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=2&rn=0.7712800366965598
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
cloudflare
age
5
etag
"221d8352905f2c38b3cb2bd191d630b0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=15, must-revalidate
content-length
43
accept-ranges
bytes
cf-ray
6eff9090ba3192b7-FRA
x-amz-request-id
5Y8DEP40R83Z5TW1
x-amz-id-2
q+q6L5Q5WPKQda0KCc3L1vncGqKk2r7484yO3hyEHY4pPJaZmZ1nUmH11Lkw9k2GvBtX+X4I3qY=
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2c2744fe747215e6a27c0eddb2b548eba36d35c5baa0a8b856ccf56a5c31d2ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
29 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cd189b4bf2528794b4a4e85b4177f7d258e8dfb2b2904050765c7abbffe286a9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ Frame 85FF
843 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e8f0c88ed1f811308a51a043c12b8208f7dca3f30cccebb701f7b623bf8980f6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ccf362270f55814120b056e10ad90c85288a54f8aacb297641a23d412e0423e5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
21 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46b665aec587754215aca2c2e84218bef73ed2bb059fed084caef1df300a0008

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
32 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc8904cf494c040131cf5c61ed0ee8b3af200a356ea113a3e54a4d7c798159d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
06e4108ed045249eeec3ffd0b0520922f0b46eaf1d5a54db1bf9dc549ff7dc80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
13 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1aeceef378724433f1a66549d593a39a79cf997c78cbde925187be550d58ee68

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
00f24d35adc5a60b6457d6b9ccd31e654cf3f8f8c76b4cc668be2a46834d1fce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
23 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c80da8eb6e9150d66697643e8d59db022fd32060461f75d428bf63687c5b38de

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6f6facd55ab986290b7cdd3aa2a8acfcc6f7edf53bf37689cf51f33dc54bcec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e8a74579fb64e402c0bf5ff5ab4c91a522f812ce8c082588e95e08d21eecc45b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/
152 KB
54 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/reactive_library_fy2019.js?bust=31065702
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
547db896422820a406f6c849460bd878aeff86944dd36992300a2b342decd91e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55149
x-xss-protection
0
server
cafe
etag
18085096806971826728
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 22 Mar 2022 14:19:51 GMT
creative_js.js
vidstat.taboola.com/vpaid/units/27_2_17/creatives/ Frame 548E
4 KB
2 KB
Script
General
Full URL
https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6258018e9f890f2383a09a2be6df7792affd977d856e7247ace8341f5b5487f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 c2a926ef1bafe1ab239d4761594a8099.cloudfront.net (CloudFront), 1.1 varnish
age
1437593
x-amz-meta-mtime
1580720676
x-cache
Hit from cloudfront, HIT
x-amz-meta-ctime
1580720957
x-amz-meta-mode
33188
content-encoding
gzip
content-length
1904
x-served-by
cache-hhn4027-HHN
last-modified
Mon, 03 Feb 2020 09:09:18 GMT
server
AmazonS3
x-timer
S1647958792.823188,VS0,VE0
etag
"d80eacb3ed43f93a2da80d76e65d19a8"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
*
x-amz-cf-id
weURnwUwOHgFt6bTo3Iz_wVjW8GmAzFabBY2qdh0wOmhvZi_Ab2wtQ==
x-cache-hits
6570
fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
538286
edge-cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
182
expiration
expiry-date="Thu, 14 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
content-length
11244
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Mon, 14 Mar 2022 14:24:14 GMT
server
nginx
x-timer
S1647958792.838687,VS0,VE0
etag
"db036f3de24fd53ed87df577a05b01c0"
x-served-by
cache-bwi5029-BWI, cache-iad-kcgs7200058-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 350
963b2bd78ec4af37edcfda9a372ce867.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
5 KB
6 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7b0c413bcb3674fc6edd5efdd7942e521fccae2795c7573a3285d8cb6c28fcbb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
870964
edge-cache-tag
500528341747144064097578862576342679755,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
500528341747144064097578862576342679755,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
112
expiration
expiry-date="Thu, 24 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
content-length
5536
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified
Mon, 21 Feb 2022 12:04:14 GMT
server
nginx
x-timer
S1647958792.838852,VS0,VE0
etag
"0e6d7a96188bd3fafd26c17d9f8d364d"
x-served-by
cache-bwi5075-BWI, cache-iad-kcgs7200176-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 3
75af26290d1c422fa1348137bc6a4b68.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
13 KB
14 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/75af26290d1c422fa1348137bc6a4b68.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bb6fe6ea51772638f8c2a04593fa4ee92717aa3d899c2def04b8509c50975e3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1832046
edge-cache-tag
419649402235686168963062171367090614525,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
419649402235686168963062171367090614525,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
224
expiration
expiry-date="Thu, 31 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/75af26290d1c422fa1348137bc6a4b68.jpg
content-length
13410
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified
Mon, 28 Feb 2022 13:55:56 GMT
server
nginx
x-timer
S1647958792.838915,VS0,VE0
etag
"f01cf5dde89f9c09245b94dcab16040e"
x-served-by
cache-bwi5032-BWI, cache-iad-kcgs7200115-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 3
5caf2e65bec1862417560f766e3017ed.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
29 KB
30 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69d3945a8d076a254a46eacaee06ae6cf7db0306c8727fd7c451f23c3a2b26ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1203153
edge-cache-tag
473510749030488951307065470310466400699,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
473510749030488951307065470310466400699,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
183
expiration
expiry-date="Sat, 12 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
content-length
29726
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified
Wed, 09 Feb 2022 05:23:19 GMT
server
nginx
x-timer
S1647958792.840110,VS0,VE0
etag
"0a4c867f6f6dfd844a117a9a44931b11"
x-served-by
cache-bwi5036-BWI, cache-iad-kiad7000038-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 2
0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f20c78edf350544b354f8245729db4c74f21682d2f6669114bee39346548129

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
608262
edge-cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
74
expiration
expiry-date="Fri, 25 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
content-length
11558
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified
Tue, 22 Feb 2022 13:50:40 GMT
server
nginx
x-timer
S1647958792.840914,VS0,VE0
etag
"2aa5151ffa488025232882f76c221d7f"
x-served-by
cache-wdc5557-WDC, cache-iad-kjyo7100079-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 4
c550b5c61cbb034102b1b0820278e4d1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
17 KB
18 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9bc50e346a5772ba1724948a53082df46c70edc300a38b75f61e8cb203f0a8cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
441819
edge-cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
91
expiration
expiry-date="Sun, 10 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
content-length
17428
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified
Thu, 10 Mar 2022 14:24:16 GMT
server
nginx
x-timer
S1647958792.841113,VS0,VE0
etag
"2dcfc655599e7b3d92e07a7aae9e1d3f"
x-served-by
cache-wdc5542-WDC, cache-iad-kcgs7200148-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 3
truncated
/ Frame 0968
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f8e2e5d76ec34f9ceaa02cd4a2e7850080b4c87fcbcfc645cc62a317304e736

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c7a2cbd4070619a7d0b1ec4957c8a3e79bddca26f0ca9f3f76f54248fbbae399

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame 06F3
28 KB
28 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 22:47:37 GMT
x-content-type-options
nosniff
age
574334
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28328
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 21:57:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Mar 2023 22:47:37 GMT
truncated
/ Frame FCA7
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b90487a5e3fd0047cdb5de238607dd5fb3455236da1ee3b4c051bbd120d1964d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93145f73267d49fb0755c373ac2ce47a9e39866da0bf529443810b769d8d6b68

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 85FF
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2eebf35211143c8364122917c63490e1f22a4ca895a8e50e1f3ab840943cbcec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
creative_js.js
vidstat.taboola.com/vpaid/units/27_2_17/creatives/ Frame 725C
4 KB
2 KB
Script
General
Full URL
https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6258018e9f890f2383a09a2be6df7792affd977d856e7247ace8341f5b5487f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 c2a926ef1bafe1ab239d4761594a8099.cloudfront.net (CloudFront), 1.1 varnish
age
1437593
x-amz-meta-mtime
1580720676
x-cache
Hit from cloudfront, HIT
x-amz-meta-ctime
1580720957
x-amz-meta-mode
33188
content-encoding
gzip
content-length
1904
x-served-by
cache-hhn4027-HHN
last-modified
Mon, 03 Feb 2020 09:09:18 GMT
server
AmazonS3
x-timer
S1647958792.929033,VS0,VE0
etag
"d80eacb3ed43f93a2da80d76e65d19a8"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
*
x-amz-cf-id
weURnwUwOHgFt6bTo3Iz_wVjW8GmAzFabBY2qdh0wOmhvZi_Ab2wtQ==
x-cache-hits
6571
fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
538286
edge-cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
182
expiration
expiry-date="Thu, 14 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
content-length
11244
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Mon, 14 Mar 2022 14:24:14 GMT
server
nginx
x-timer
S1647958792.970052,VS0,VE0
etag
"db036f3de24fd53ed87df577a05b01c0"
x-served-by
cache-bwi5029-BWI, cache-iad-kcgs7200058-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 351
0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
11 KB
12 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3f20c78edf350544b354f8245729db4c74f21682d2f6669114bee39346548129

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
608262
edge-cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
516946417714186164303027548019906206945,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
74
expiration
expiry-date="Fri, 25 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0fce2f0ef08ab2f0d6b8fa82f1cfc6a4.png
content-length
11558
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified
Tue, 22 Feb 2022 13:50:40 GMT
server
nginx
x-timer
S1647958792.970199,VS0,VE0
etag
"2aa5151ffa488025232882f76c221d7f"
x-served-by
cache-wdc5557-WDC, cache-iad-kjyo7100079-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 5
656985b9ca98e7cefd482c216e06d904.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
15 KB
15 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/656985b9ca98e7cefd482c216e06d904.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
54b76b9b87735b56615ee85736257872299a9badb32e1d31ed70f3f26a954158

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
352271
edge-cache-tag
382912112058323714276555655145386039340,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
382912112058323714276555655145386039340,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-ratelimit-remaining
99
x-envoy-upstream-service-time
557
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/656985b9ca98e7cefd482c216e06d904.jpg
content-length
14866
x-request-id
71bfd54751c2eca843618d03f7c4b39a
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified
Fri, 18 Mar 2022 09:50:14 GMT
server
nginx
x-timer
S1647958792.970266,VS0,VE0
etag
"2f4fcda005b77359128f8ab0936527c0"
x-served-by
cache-bwi5040-BWI, cache-iad-kjyo7100073-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 6
9cfa6bf5722188232a1b458cb54c7194.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
17 KB
18 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9cfa6bf5722188232a1b458cb54c7194.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7bbd6a2a9e83ef6984e0fc21ad571691780777e0b4b894daf3455748e117554f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
1217884
edge-cache-tag
384909009795398178221486296188876000720,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
384909009795398178221486296188876000720,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
159
expiration
expiry-date="Fri, 11 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9cfa6bf5722188232a1b458cb54c7194.jpg
content-length
17894
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Tue, 08 Feb 2022 08:42:25 GMT
server
nginx
x-timer
S1647958792.970381,VS0,VE0
etag
"37d4fa0f500eafb5b79a28704499fb87"
x-served-by
cache-wdc5554-WDC, cache-iad-kiad7000067-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 2
9ccfc93598d017fc15b5ace2c90ac805.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
15 KB
15 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ccfc93598d017fc15b5ace2c90ac805.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1a1fda99cdd8bbe705bc66a681a248975154bee13fb350978472fa20b0f513be

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
521747
edge-cache-tag
302852673209151404540504392374238792536,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
302852673209151404540504392374238792536,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
200
expiration
expiry-date="Thu, 17 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9ccfc93598d017fc15b5ace2c90ac805.png
content-length
14860
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
last-modified
Mon, 14 Feb 2022 10:34:36 GMT
server
nginx
x-timer
S1647958792.970559,VS0,VE0
etag
"bb612a9315d390adb08b81b9099bd5eb"
x-served-by
cache-wdc5556-WDC, cache-iad-kjyo7100038-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 2
c550b5c61cbb034102b1b0820278e4d1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
17 KB
18 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9bc50e346a5772ba1724948a53082df46c70edc300a38b75f61e8cb203f0a8cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:51 GMT
via
1.1 varnish, 1.1 varnish
age
441819
edge-cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
570440351580815921467581476724027591677,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
99
x-envoy-upstream-service-time
91
expiration
expiry-date="Sun, 10 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c550b5c61cbb034102b1b0820278e4d1.jpg
content-length
17428
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified
Thu, 10 Mar 2022 14:24:16 GMT
server
nginx
x-timer
S1647958792.970654,VS0,VE0
etag
"2dcfc655599e7b3d92e07a7aae9e1d3f"
x-served-by
cache-wdc5542-WDC, cache-iad-kcgs7200148-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 4
/
track.seadform.net/adfserve/ Frame 1B99
35 B
0
Fetch
General
Full URL
https://track.seadform.net/adfserve/?bn=53733599;1x1inv=1;srctype=3;ord=3441996010
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
expires
-1
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cl4VDBts5YsCULta6YNKGlrAButaXi2iY-4eCrw_a2R4QASDVs65tKA5gleKQgqAHoAGcr_uoAsgBBqgDAcgDAqoE5gFP0FiN4nM2HqLWiTlyyAny_goAmefB0dyn-2Ux4eHeEZZhzIgRelMft8dRD53NDoj6NkjhoPdjHPnq1IvUCKOpP8BFolqs7xXx3aDb27x6H-01SwenxeIkRpGHUIVbu0L1GfrzYq8UEBkQNZM-yf1FPjfLEiPWIi39kJ-4no4MUzvREXTSu4JGa1PGI2Q6z8_AZKkWqvRJ5hpDrErq9hPZumIHOzZppGj1STcXzE4fQG55hgOo-fZaBVQdNNIUl29IREkyfT7w4zH3mBWDoHkAe38o8lDGQWSRVVWItm_A4oumt5OSA8AEj92iuekDkgUECAQYAZIFBAgFGASgBjeAB8zQhNcBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkdYC0ggJCIDhgBAQARgfgAoByAsBwhMGGJyv-6gC2BMN0BUBmBYBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=DHLsDLhdcBo&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cil9gBts5YsCULta6YNKGlrAB46To9WPQ-tzexw7RoZPPvCgQAiDVs65tKA5gleKQgqAHoAGL3PqaA8gBBqkC0M6UHDGbqj6oAwHIAwKqBOQBT9BM6OVzNR6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8XiJEaRh0qFW_tkriPg82KvFBAZEDWTPsn9RT43yxIj1iIt_ZCfuJ6ODFM70RF00ruCRmtTxiNkOs_PwGSpFqr0SeYaQ6xK6vYT2bpiBzs2aaRo9Uk3F8xOH3IJQxTiTzyAaouT2DxeGJzL2GxilTkO5GcuTtsVyH1EIcd0Cv5IbdRw0tG_nZRh2FUEoZsfwASZsfzI3wOSBQQIBBgBkgUECAUYBKAGN4AH3aOFZagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEJHWAtIICQiA4YAQEAEYH4AKAcgLAcITBhiL3PqaA9gTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01NzIwNzYzMjcxNTMyMzc3GAA&sigh=ZimeKo0rFpA&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C5QK_Bts5YsCULta6YNKGlrAB4LuBhWnzodLj1w_a2R4QAyDVs65tKA5gleKQgqAHoAHJl5ixKMgBBqkCWCz0URRysj6oAwHIAwKqBPkBT9Ar9N1zNB6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8WaJ0bRh1eNWz0FYilT0Jtv_vvC8Nh433cXroa2LfmjYsjbRJJqu9p7D5fO0pGB0bv3RWsmxSORM886yWRcFaoBSubvQKy_6fbm2riXBDnDaqSd9kjCFM2uGd8A59zpwm03DoacZLhU1dRUdmZUoLb1abDQKevOFLfCv3FiCkDnVPCmd3SXv5RvyfQh2NmjEz4edFwrXSAkA3-j25fjCijr4d7swASLmvXH9AOSBQQIBBgBkgUECAUYBKAGN4AHyc_okAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYYyZeYsSjYEwzQFQGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=KwmKRrX-s2Q&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CKj9FBts5YsCULta6YNKGlrABqPPql2msuKyI5A_a2R4QBCDVs65tKA5gleKQgqAHoAGKl_yIA8gBBqkCfxSS1kprjz6oAwHIAwKqBPIBT9ARyYxzMx6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8WaJ0bRh1ftW7sH1TL522Ny3vrVPp-5P5r8dT9cxhglhCNj_HicO9STDGk5JBKB0btGs2gmxSNkxcw6Q2Sp46kBSuwatq-_6fYTLLuXBDs2nKed9kg14s-uGd_gFHIDSP40boVfMDrB130mMkmojjjMrHQm_0SThmpHKHeN-nFPysNYpGKLtUxl4uyTY1-Q7ee-YnIzgoCrBZBxWIjABMuqwqLeA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAfe6IN3qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkdYC0ggJCIDhgBAQARgfgAoByAsBwhMGGIqX_IgD2BMM0BUBmBYBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=6rMGAiVdZQo&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CJ307Bts5YsCULta6YNKGlrABx7vNo2i35_qw_Q7a2R4QBSDVs65tKA5gleKQgqAHoAHRouT_AsgBAakCrcBHatIetj6oAwHIAwKqBOYBT9Aq1MFzMh6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8WaJ0bRh1eFW6Jy73b682KvFBAZEDWTPsn9RT43yxIj1iIt_ZCfuJ6ODFM70RF00ruCRmtTxiNkOs_PwGSpFqr0SeYaQ6xK6vYT2bpiBzs2aaRo9Uk3F8xOHxMvW_EDqPn2WgVUHTReGNwRSERJMh8Ck4Iz9-okgbB5AHt_KPJQxkEWoFdFiLZvwOKLxIvw8wHABJ-X1tbvA5IFBAgEGAGSBQQIBRgEoAZmgAeX3ZuAAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEJHWAtIICQiA4YAQEAEYH4AKAcgLAcITBhjRouT_AtgTDIgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01NzIwNzYzMjcxNTMyMzc3GAA&sigh=Bo2J_-SMX-0&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CkMUeBts5YsCULta6YNKGlrAB0NuP0WfCp9jVqQ_AjbcBEAYg1bOubSgOYJXikIKgB6ABra6QnwPIAQGoAwHIAwKqBOUBT9AxoNRzMR6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8WaJ0bRh1eFW5cNpmrg82KvFBAZEDWTPsn9RT43yxIj1iIt_ZCfuJ6ODFM70RF00ruCRmtTxiNkOs_PwGSpFqr0SeYaQ6xK6vYT2bpiBzs2aaRo9Uk3F8xOH0sGbBDiTzyAaouT2DxeGJzL2G1inSZyimUuCPRhg31ErOxWCvJc0qYI5VWIv5RvzvQ8_fvpFMAEroHyyO4DkgUECAQYAZIFBAgFGASgBlGAB7vR72CoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYYra6QnwPYEwKIFALQFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=JVs6i5b_I1E&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CF3jXBts5YsCULta6YNKGlrAB4L2WnFHvs631mwnP18fUkw4QByDVs65tKA5gleKQgqAHoAGq-fSbA8gBAagDAcgDAqoE5wFP0EGqw3MwHqLWiTlyyAny_goAmefB0dyn-2Ux4eHeEZZhzIgRelMft8dRD53NDoj6NkjhoPdjHPnq1IvUCKOpP8BFolqs7xXx3aDb27x6H-01SwenxZonRtGHV41bKQViJxK04W7--8Lw2HjfdxeuhrYt-aNiyNtEkmq72nsPl87SkYHRu_dFaybFI5EzzzrJZFwVqgFK5u9ArL_p9ubauJcEOcNqpJ32SMIUza4Z3wDnrbrhmtTpQ-pUNpMQ3FHSDvAwns7H58VXQNvNu7T78Fxf0FDKVajxUXY9mE3A7J13ntndzwvABLOov6PBAZIFBAgEGAGSBQQIBRgEoAZmgAe-hotkqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkdYC0ggJCIDhgBAQARgfgAoByAsBwhMGGKr59JsD2BMHiBQB0BUBmBYBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=zUA4swjviUw&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cp7lsBts5YsCULta6YNKGlrAB5teC9Giln7mUvw-X5az52A8QCCDVs65tKA5gleKQgqAHoAHMkISKA8gBBqkC_tKoKWXssT6oAwHIAwKqBPgBT9AzgMFzPx6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8WaJ0bRh1eNWykFYhJrkq12_vvC8Nh433cXroa2LfmjYsjbRJJqu9p7D5fO0pGB0bv3RWsmxSORM886yWRcFaoBSubvQKy_6fbm2riXBDnDaqSd9kjCFM2uGd8A59ea0ojU6UPqVDaTENxR0g7wMI_Ow9OPHlbb2KT3svN0hij3Xk-YhMi_nZRm2GBJyNMcJxweeEj_ThUpgUuB25n1uEu01mPABPThgJz6A5IFBAgEGAGSBQQIBRgEoAY3gAec7_t1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkdYC0ggJCIDhgBAQARgfgAoByAsBwhMGGMyQhIoD2BMM0BUBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=bws0m5xeE9g&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CIjIjBts5YsCULta6YNKGlrABxOnxi2moz8abvg_a2R4QCSDVs65tKA5gleKQgqAHoAHnt6CVA8gBBqkCWCz0URRysj6oAwHIAwKqBOUBT9BmocFzPR6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8XiJEaRh1OFW-c_u1Dg82KvFBAZEDWTPsn9RT43yxIj1iIt_ZCfuJ6ODFM70RF00ruCRmtTxiNkOs_PwGSpFqr0SeYaQ6xK6vYT2bpiBzs2aaRo9Uk3F8xOHw9dHxviTzyAaouT2JfYPuPL2G1iul1D8WQuLblVvn5EzexWCvJc0oNF0WiLv5RvzvQbhsqSFcAE-qS5ufYDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB4HI32qoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYY57eglQPYEw3QFQGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=CEH8Fl6wcnE&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CPK8dBts5YsCULta6YNKGlrABqIOElWmFjNulyw_a2R4QCiDVs65tKA5gleKQgqAHoAHI_qunAsgBBqkC-BGZyYglgT6oAwHIAwKqBPABT9At-59zPB6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8XiJEbxh9bB1KXPoN7-02OwgUic69h45XAXrt-xLfmbbsjbfZ53u2B5-tA70RHFJLiCRmumMCBksM86NmepFqABv-UaQ6y_HPUT2biX8Tg2aaSfA0s3F8yu7Nzh4XECyPo1DoeUDtLbGjxWEPruMHHOYXwmv97ZP2iJ7W7pHPLJYp0fSepNlLZvwOCL9u_Oqgo8dFA9mmt2HPSXwATjjoT05QOSBQQIBBgBkgUECAUYBKAGN4AHyYn24gGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYYyP6rpwLYEwzQFQGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=9dRAzzEhVRg&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C0YebBts5YsCULta6YNKGlrABwe3e82jw6qmP9QuwkB8QCyDVs65tKA5gleKQgqAHoAH02syZA8gBBqkCWCz0URRysj6oAwHIAwKqBOUBT9BN0edzOx6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8XiJEaRh1OFW-lXu0jg82KvFBAZEDWTPsn9RT43yxIj1iIt_ZCfuJ6ODFM70RF00ruCRmtTxiNkOs_PwGSpFqr0SeYaQ6xK6vYT2bpiBzs2aaRo9Uk3F8xOH1gQMBfiTzyAaouT2DxeGJzL2G1i0kQe2GQuc99ijX5Enu9WCvJc0t0j5luLv5RvzvRzn5e7FcAEtPHErYICkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB_Sks2aoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYY9NrMmQPYEwyIFAPQFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=kDHQX8XYy1I&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CJVwoBts5YsCULta6YNKGlrABqufC92i6xfHrzA-PsvbF-xsQDCDVs65tKA5gleKQgqAHoAGSmav8AsgBBqgDAcgDAqoE5gFP0HWV03M6HqLWiTlyyAny_goAmefB0dyn-2Ux4eHeEZZhzIgRelMft8dRD53NDoj6NkjhoPdjHPnq1IvUCKOpP8BFolqs7xXx3aDb27x6H-01SwenxeIkRpGHSoVbmHXnL_nzYq8UEBkQNZM-yf1FPjfLEiPWIi39kJ-4no4MUzvREXTSu4JGa1PGI2Q6z8_AZKkWqvRJ5hpDrErq9hPZumIHOzZppGj1STcXzE4fEggT8gOo-fZaBVQdNF4Y3BFIREkyMQK94TT3zzDr83oAe38o8lDGQTO0PQaLtm_A4ovqi96QBsAEptCD8rEDkgUECAQYAZIFBAgFGASgBjeAB9bm1IMBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQkdYC0ggJCIDhgBAQARgfgAoByAsBwhMGGJKZq_wC2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=5qNA69z9v2w&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C9Ag1Bts5YsCULta6YNKGlrABze2B1Gegs7v6ww2n45amlQ4QDSDVs65tKA5gleKQgqAHoAHFkYyUAsgBBqgDAcgDAqoE6AFP0BC5wnM5HqLWiTlyyAny_goAmefB0dyn-2Ux4eHeEZZhzIgRelMft8dRD53NDoj6NkjhoPdjHPnq1IvUCKOpP8BFolqs7xXx3aDb27x6H-01SwenxZonRtGHV41bKQViVHy56G7--8Lw2HjfdxeuhrYt-aNiyNtEkmq72nsPl87SkYHRu_dFaybFI5EzzzrJZFwVqgFK5u9ArL_p9ubauJcEOcNqpJ32SMIUza4Z3wDnkKv-bjYOhpxkuFTV1FHSTiqgtuRp2qsw5M4U84vbRWIi-3LKWbxHbBhaPHri7JNhX5Hi775iwASZi6vCrgOSBQQIBBgBkgUECAUYBKAGN4AHo-7z6wGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYYxZGMlALYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=KVa3Q9FDJnU&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 1B99
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CSAx6Bts5YsCULta6YNKGlrAB77rj0mi4vOCy_Q_bsZ_10SsQDiDVs65tKA5gleKQgqAHoAHI5NeKA8gBBqkCWCz0URRysj6oAwHIAwKqBOUBT9Aw7NVzPh6i1ok5csgJ8v4KAJnnwdHcp_tlMeHh3hGWYcyIEXpTH7fHUQ-dzQ6I-jZI4aD3Yxz56tSL1AijqT_ARaJarO8V8d2g29u8eh_tNUsHp8WaJ0bRh1eFW_cC5gH582KvFBAZEDWTPsn9RT43yxIj1iIt_ZCfuJ6ODFM70RF00ruCRmtTxiNkOs_PwGSpFqr0SeYaQ6xK6vYT2bpiBzs2aaRo9Uk3F8xOHwcCJwTiTzyAaouT2DxeGJzL2G1i8hFh5m4uW_po6X1Ehe9WCvJc0vUG7D-Iv5RvzvRTyuiFH8AEmrSCrvEDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB6CbqHWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR1gLSCAkIgOGAEBABGB-ACgHICwHCEwYYyOTXigPYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=wQCGJ54Y9tc&uach_m=[UACH]&template_id=492
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=591&slotname=4336667154&adk=296923673&adf=1593494102&pi=t.ma~as.4336667154&w=1182&cr_col=4&cr_row=2&fwrn=2&lmt=1647958790&rafmt=9&psa=0&format=1182x591&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790506&bpp=1&bdt=393&idt=194&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=2953&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=BzyDBnNSkW&p=https%3A//www.threatminer.org&dtd=197
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 22 Mar 2022 14:19:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
animejs.js
static.criteo.net/animejs/ Frame 24A7
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
img
pix.eu.criteo.net/img/ Frame 24A7
25 KB
25 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?h=116&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=594&s=x3NeXAkvXYD2FSNYDOZETeAu
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
0b13f84a6dde5e31b8a9e05852d609f5aa9d41b1b86c26d2d4f773b7dca0a675
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=29885869
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
25396
expires
Fri, 03 Mar 2023 11:57:41 GMT
img
pix.eu.criteo.net/img/ Frame 24A7
2 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=400&s=mpSaavc37cTAcDERDSmhZdBJ&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1951066
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1584
expires
Thu, 14 Apr 2022 04:17:38 GMT
img
pix.eu.criteo.net/img/ Frame 24A7
1 KB
1 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FZ%2FlogoZEISS-3427DE.gif%3Feb%3D1&v=3&w=400&s=57jpJpXqQqO6aPmte_wy5ihf&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
a6c11502463f3445d37d3184cef1016bb3c77dbc12b88636788632bfe5e87b98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=2080813
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1244
expires
Fri, 15 Apr 2022 16:20:05 GMT
img
pix.eu.criteo.net/img/ Frame 24A7
400 B
663 B
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoDB_Mobility_Logistics_AG_60544DE.gif%3Feb%3D1&v=3&w=400&s=qejL_9Irgvb-0KwTC4SpoEgt&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
42c9e4f9d8c14ea0ecac49e147f029a6bb58b69e544bd63667e5b0e64169f631
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=1399864
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
400
expires
Thu, 07 Apr 2022 19:10:56 GMT
img
pix.eu.criteo.net/img/ Frame 24A7
6 KB
7 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2FlogoBMW-Group-27361DE-2101221525.gif%3Feb%3D1&v=3&w=400&s=dFHfkKfrT00cr7cY4ODYaBcE&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
f8de8ee65552be2f01a67a6dc47020a4a132e9bfe4b8eb02143d89fb2df08241
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=31104000
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
6422
expires
Fri, 17 Mar 2023 14:19:52 GMT
img
pix.eu.criteo.net/img/ Frame 24A7
2 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FA%2FlogoNext-Kraftwerke-GmbH-77259DE.gif%3Feb%3D1&v=3&w=400&s=eR_RzuTwOMigG4cEIEBj-t8y&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
49c20df08217f7af46d30047436e74bf3adc75f5a64bcd6226e9823b0b864c04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1754700
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1774
expires
Mon, 11 Apr 2022 21:44:52 GMT
all
csm.eu.criteo.net/ Frame 24A7
0
128 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=iSUpgbOaLfYm41xtKn4rE-uEcEmSPUnxt4dAjIBpWcmJsmD8nLSkSy-rbM0GfgIQKFfUpkhLiFYYvR_aVt2HTCXv6RrAVBNbRZRGV7GXGm5jIqmBeLLrM9CjvL5KzRjj586KcBMlvrZKcPTDuutuwMCsdmwa5j1KVaByj2m5E5C3J5XJsPUWqDuW4fIzpn1QoD30d2-tyGdrCnf-RPjAimNEinQBIUiYj78t-lGZMI4pT4dsLu_e3SDjDH4ERFaL1XGq4Q&sds=2&rev=80956&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 14:19:49 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 24A7
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 24A7
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
truncated
/ Frame 1B99
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0a560a3cf9eb076812dd9915d939ffd6f6a09b935749169ddc6dd875efe599c6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
si
googleads.g.doubleclick.net/pagead/drt/ Frame 9C28
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 22 Mar 2022 14:19:52 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:52 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 22 Mar 2022 14:19:52 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame 0746
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=3926415687&adk=3167179422&adf=3170887745&pi=t.ma~as.3926415687&w=1200&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790505&bpp=1&bdt=391&idt=191&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=BS04Z9cZfB&p=https%3A//www.threatminer.org&dtd=193
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:32:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
2820
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 13:32:52 GMT
animejs.js
static.criteo.net/animejs/ Frame E41A
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
img
pix.eu.criteo.net/img/ Frame E41A
7 KB
7 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?h=396&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=196&s=VeFegqT8bXFJP1TUO2R8q-fm
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=29885869
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
6722
expires
Fri, 03 Mar 2023 11:57:41 GMT
img
pix.eu.criteo.net/img/ Frame E41A
2 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=800&s=HYbmSDVtbe5wAnm1TH3AhaIB&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1951066
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1584
expires
Thu, 14 Apr 2022 04:17:38 GMT
img
pix.eu.criteo.net/img/ Frame E41A
1 KB
1 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FZ%2FlogoZEISS-3427DE.gif%3Feb%3D1&v=3&w=800&s=RrXO-dKDwT9QyY0iBiT47Xw6&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
a6c11502463f3445d37d3184cef1016bb3c77dbc12b88636788632bfe5e87b98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=2080813
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1244
expires
Fri, 15 Apr 2022 16:20:05 GMT
img
pix.eu.criteo.net/img/ Frame E41A
5 KB
5 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoBosch-Rexroth-95598DE.gif%3Feb%3D1&v=3&w=800&s=8RD_AXk_aAd6BSts8IaeoNRO&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
f3b9b7cc354873851730c03156775fdcb6ba8b7342f3f9f26f9279b9b0eb5482
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=2686
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
4844
expires
Tue, 22 Mar 2022 15:04:38 GMT
img
pix.eu.criteo.net/img/ Frame E41A
1 KB
1 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FR%2FlogoRohde-Schwarz-Cybersecurity-GmbH-171555DE.gif%3Feb%3D1&v=3&w=800&s=GM8cFe1TKyXPbVZwCyXgbMs5&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
31844a6a9bdbed5ea86ca5f91a6837fdf9fad712f9f163a98d2f053b6727efcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=2244653
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1066
expires
Sun, 17 Apr 2022 13:50:45 GMT
img
pix.eu.criteo.net/img/ Frame E41A
1 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F8%2FlogoCapgemini-Invent-22500DE-2108181202.gif%3Feb%3D1&v=3&w=800&s=tVkfmikv7VsuRPZ-a-VAh2e4&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
28dd16c670efe7d607a46f8232d78b0c8470d2b9395042a6cd18254f6fcc4199
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=989440
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1482
expires
Sun, 03 Apr 2022 01:10:32 GMT
img
pix.eu.criteo.net/img/ Frame E41A
6 KB
7 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2FlogoBMW-Group-27361DE-2101221525.gif%3Feb%3D1&v=3&w=800&s=MsH_5I1fgPst-J4Jpa9CEsh7&b=1200
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
f8de8ee65552be2f01a67a6dc47020a4a132e9bfe4b8eb02143d89fb2df08241
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=31104000
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
6422
expires
Fri, 17 Mar 2023 14:19:52 GMT
all
csm.eu.criteo.net/ Frame E41A
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=QyZeZLOaLfYm41xtdtHc3d9T1s4_HkR7Lf8GDyT9VR7APKyf9zaAl-T8P3dva4t1XC4RFtNP-gUcttVCfZOOx7Dx4atrQK8HSSezzQU3Zu6KM5CxK2sX_D5fx_6dM4xVxz201KoMx_3SEj9Zrp7ju76L2xBAGJ1orBqVrtQhn3f0p_Qs7RM5JtHkXTFQdAJfW4AjfVOTRVbTzdQumrdgAHrwIO9bwSPgUIKZXG2cFZtq85W5fZ82Aj2lnpr60Ly9uIn0tA&sds=2&rev=80956&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 14:19:52 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame E41A
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame E41A
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALaTAKGJQHAAeJDiBb9flhU0ymLIKmhg&u=%7CEqx3jKV1DZW0j%2BXV282WfXB93ji5o7M6qSoYzqwaNP8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfYMEBacBPm4uqHZzUD3NyaasmJxrOCYpJSBEMyJexuvWoYoU6__bXTOLSoXbRKYy3jnnSpos5sgv1U4zUYcFxOVlYohPlC1jeVfCXqxkrTcKRdkCxx660Le-h0f_IPSaWN4n1pFQy9RtGsFaQHFPOjz8LXfFKUw1bGWY8nhef7y6IDC4LsplPI0MxbfC4po4XU1ah2rUcCP3MwfpH6fp30R-UpEEueu2wqqYXcF8n3NxDxEO6g9rHjPT9LwQEb9PECc-7QSLyF-gwqdi7D1dztrl2eF5Xauarb9GFE3fsr6xOV0FToP-0N-k5DzuakT6x03wh3fkJMiD5MbCu-mBa4iXdXM7KhupqRVzf1KOo-pQPXef6q7kzGx&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0E7Bts5YrDSLYeoYo6SnvgPyZ7SsVzFspj3cMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNgBT9BB4pGmsbfb0qAfLieF5AjM6TY9SW6qgSLiAfWzweDKFaToWTCaGUDolPrXYDrObodvb7WZQ8kMHu8OVoIZDr_tLSDPitpIxgt4x39CPsG0y6R2_-Eeqw9Pf14RlX9sHvLDtKuC0rc35Z02y9mMjWfk3wLrirgvNc0zZ3QFC0EzXwI9_U3hK0V6j-epIc4kq-t6-lBzkV4n1euZJWDmfQM6AH3ULA2ApWpASzIj5LHyryitoD-3kw1RJj-VmHo9xbFZjN9bFMxrSa1c-awFIw2oAHqJDVpOgAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BHRcEaNeQ2JO_9m1ewhk7AmfGZQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
animejs.js
static.criteo.net/animejs/ Frame 648B
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
img
pix.eu.criteo.net/img/ Frame 648B
7 KB
7 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?h=396&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=196&s=VeFegqT8bXFJP1TUO2R8q-fm
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=29885869
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
6722
expires
Fri, 03 Mar 2023 11:57:41 GMT
img
pix.eu.criteo.net/img/ Frame 648B
2 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=800&s=HYbmSDVtbe5wAnm1TH3AhaIB&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1951066
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1584
expires
Thu, 14 Apr 2022 04:17:38 GMT
img
pix.eu.criteo.net/img/ Frame 648B
1 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F8%2FlogoCapgemini-Invent-22500DE-2108181202.gif%3Feb%3D1&v=3&w=800&s=tVkfmikv7VsuRPZ-a-VAh2e4&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
28dd16c670efe7d607a46f8232d78b0c8470d2b9395042a6cd18254f6fcc4199
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=989440
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1482
expires
Sun, 03 Apr 2022 01:10:32 GMT
img
pix.eu.criteo.net/img/ Frame 648B
1 KB
1 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FZ%2FlogoZEISS-3427DE.gif%3Feb%3D1&v=3&w=800&s=RrXO-dKDwT9QyY0iBiT47Xw6&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
a6c11502463f3445d37d3184cef1016bb3c77dbc12b88636788632bfe5e87b98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=2080813
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1244
expires
Fri, 15 Apr 2022 16:20:05 GMT
img
pix.eu.criteo.net/img/ Frame 648B
2 KB
3 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoRheinmetall-Group-1262DE-2101221907.gif%3Feb%3D1&v=3&w=800&s=p8qnXBvGKrDeqAMuxaFVZDnR&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=31104000
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
2446
expires
Fri, 17 Mar 2023 14:19:52 GMT
img
pix.eu.criteo.net/img/ Frame 648B
6 KB
7 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FE%2FlogoBMW-Group-27361DE-2101221525.gif%3Feb%3D1&v=3&w=800&s=MsH_5I1fgPst-J4Jpa9CEsh7&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
f8de8ee65552be2f01a67a6dc47020a4a132e9bfe4b8eb02143d89fb2df08241
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=31104000
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
6422
expires
Fri, 17 Mar 2023 14:19:52 GMT
img
pix.eu.criteo.net/img/ Frame 648B
1 KB
1 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FJ%2FlogoJS_Deutschland_GmbH_24984DE.gif%3Feb%3D1&v=3&w=800&s=kazlmmYaf1I4CAPjpV7VMXGz&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
639665b9e97aad7d30114d5b9b4d4b391d1ee6e870fd4515ec28e5a24c22863a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1816703
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1100
expires
Tue, 12 Apr 2022 14:58:16 GMT
img
pix.eu.criteo.net/img/ Frame 648B
400 B
663 B
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FD%2FlogoDB_Mobility_Logistics_AG_60544DE.gif%3Feb%3D1&v=3&w=800&s=0y_71H41LXRUcFG_iY9j6SKC&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
42c9e4f9d8c14ea0ecac49e147f029a6bb58b69e544bd63667e5b0e64169f631
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=1399864
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
400
expires
Thu, 07 Apr 2022 19:10:56 GMT
img
pix.eu.criteo.net/img/ Frame 648B
2 KB
3 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F1%2FlogoAmpega-Asset-Management-GmbH-89031DE-2011181243.gif%3Feb%3D1&v=3&w=800&s=3PfOKQ178mdv-sbfl2sGSwlK&b=800
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
9b313491860295518bea9cdbe75b0105cea02d1e305d5161bd7c6e1921b2a004
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:51 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=2239967
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
2540
expires
Sun, 17 Apr 2022 12:32:39 GMT
all
csm.eu.criteo.net/ Frame 648B
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=FVX9iLOaLfYm41xtE0KTpaaOEaO8pdscZbVTAGkhMDukrsTcNlMhImJkoStKN7oWpwdZ0DYYgnUvocDeePiI8eoclOuqmhcfi3A932Y5pHmxEa-RBKKd6xBqGvoKj8qDpXT2oxRgthN71rdXg3b_jduuCv9sQB6GlFt4eMQ2WfRYjVxz83_YwGiHy_zcTRN6ZzJqqEl-kSEgPNsE17puq3MO_fUA6uJD4olebsQ0XyKTzY8xuZc5wU8lnD9HWJtB-KzeGg&sds=2&rev=80956&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 14:19:52 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 648B
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 648B
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALpckKGJhYAAcItII2jY6vLgWaMGf5xg&u=%7CEqx3jKV1DZUOfrkxdG%2BOU%2BFwN%2Bg8IQv98EAAaGYuegI%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy2vlXc6UG1VzF2Kd270zxfZ1qieSPxN3xWOPdW3T4GgFoRdOZYM0vCb57nHrvMljEyIvCs5fbPFCk2Jnmwu9Bx0CYTDsFlw5sVCwgowuIFXhzLF4TIP1GjG8Nyf4vvMXWWXmov0ib8EcLcSaPRspZkmCf9MevEvt23BMWZ9Y4bkOc20QCUEKC6QzWy5nIzMv4Q6au3s0rZx78-zQOVWlpsboorLA0boS3JYDCtmCsZwYCJm4HNgYKzwWV5zqyVvsIilH1Cd6ARi28O76Gejzt68HC2YnQlyYbauKXX35m9vv44ZHdAMx3mzK-Rt12ufJcj1D1YnLRltkgf9ovAPulilcm1r6jIRQ34D8MDDy-tUHLyuEk4c19BNscbe9NaH1LLk4ozTzBY_Bt0o8hTLbU0k&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCnoeJBts5YsnLLtiwYrSRnEjJntKxXMWMi-CaAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NzIwNzYzMjcxNTMyMzc3oAHVttLqA8gBCakCWCz0URRysj6oAwGqBNkBT9Dqc6f432dl7Jml4Oo6vS0gRzGVHTWGXZ7AFz43ZuhgRHN0Ud2VGLX4IgJ4-Sm7owrZyBunr3-Axwr6AIxzF1oA9rZ0mjWxuofq2cqJXAkhU1To_uIcQuAKfxOOFXxIQdkyzcJd2V6qNbKRvaWpl9jb2KgiBg_TwO-k4eF8bS4uC6F9UWonvLcTK40rlzrvju_pUA949xUNVEbgzkriyG-b9NzUgc3yI0dhkQDczdhPS-OIqjVVR1fIFS7Af7iWFGLcgH1IeNjuXxgwyfl7Klxzec5tVW1uzYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2_Pu_weGdscXD7rHQTj9bSkQpNfg%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 17 Mar 2023 14:19:52 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ Frame 1B99
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COpen%20Sans%3A300%2C400
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 22:45:30 GMT
x-content-type-options
nosniff
age
574462
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 22:03:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Mar 2023 22:45:30 GMT
st
imprammp.taboola.com/ Frame 52E6
0
54 B
Document
General
Full URL
https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=44759F818E51156803581966320&cicmp=1337627&cijs=1&dast=V7peoCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHDTarZYz4mK4Yi0Wq9lwMFmsJsvdbjbbDJYwMYvFYjRcrUZjzWKxGE1mq-EUDLbwOd3dbeBA0-nwue71ut_vLjpaXg7T22l3We56y88vBwAAAIAHAKKWaIgd34b2CAAAAAAJnpFrBYqAin8LgQsAAAAADAACsXANACiOAvYb7S5_AAA8KIAAAAhghAAcgk-IAAAAAIwAAAAAkAAIJBaWADjcLZoAAAT8xf5XwpwAAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAHwMgSwM-LLLFaoTFUAWMQIAAADIrd4kPZrUCZVF1f___78VwBUAQMBf7H_lUdbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAE4ISfkwLYkCxV-MZuVZY-wUEAGB7NwCANwG4mAOwAwAAALj7____zwMAAFDao2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J5HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6Ro0WCyGo0mi8lwNZqsZsvFbrdBilatZqPNYLiaTWa73Wo4GC5HI5ywxWg1mWyWw9lyMRkMR8PRaIgHVefS-bw6FQ_m43Luaxc-PsRwNZcsNnPFajVXzEarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

server
nginx
accept-ranges
bytes
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
x-served-by
cache-hhn4027-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1647958792.223871,VS0,VE279
content-length
0
cmTagCUSTOM.js
vidstat.taboola.com/vpaid/units/30_3_6010/infra/
604 KB
112 KB
Script
General
Full URL
https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
f11884de40899d47234c1cf86074c4e1daf2adf2b83ecff07996dba83044fa47

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
age
2515175
x-amz-meta-mtime
1637665336
x-cache
HIT
x-amz-meta-ctime
1637665337
x-amz-meta-mode
33188
content-encoding
br
content-length
114684
x-amz-id-2
0nGhQyYL6JJMNrNtgN9DZ54Xe47FlcMytbRNYowkLHISIE+ayuuCG0l+V0ZSZ+siOhY7wKkivBg=
x-served-by
cache-hhn4027-HHN
accept-ranges
bytes
last-modified
Tue, 23 Nov 2021 11:02:18 GMT
server
AmazonS3-br
x-timer
S1647958792.223468,VS0,VE0
etag
"c85616763ae0c5c14b78b36594bb92db"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-request-id
1BJTM91JQABF5B1D
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-meta-gid
0
content-type
application/javascript
access-control-allow-headers
*
x-cache-hits
5466
cmOsUnit.css
vidstat.taboola.com/vpaid/units/30_3_6010/assets/css/
61 KB
8 KB
Stylesheet
General
Full URL
https://vidstat.taboola.com/vpaid/units/30_3_6010/assets/css/cmOsUnit.css
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/27_2_17/creatives/creative_js.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
e811e414f4376d969d84db459974e258fbea5cb9aaa9fc90049c18946eb2a6e7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
age
481324
x-amz-meta-mtime
1637665346
x-cache
HIT
x-amz-meta-ctime
1637665346
x-amz-meta-mode
33188
content-encoding
br
content-length
8011
x-amz-id-2
m4Njt8l0KdE3b55Hic+YCWDucCH5XuqfB7qM4dNOwqD7j/jiiFtNBeDgAuVSAaaNEmlg6m4bOho=
x-served-by
cache-hhn4027-HHN
accept-ranges
bytes
last-modified
Tue, 23 Nov 2021 11:02:27 GMT
server
AmazonS3-br
x-timer
S1647958792.223729,VS0,VE0
etag
"35d592e602402e62e13fc963c20298fc"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-request-id
9G30P57KSQ4SMK01
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-meta-gid
0
content-type
text/css
access-control-allow-headers
*
x-cache-hits
5124
st
imprammp.taboola.com/ Frame E156
0
54 B
Document
General
Full URL
https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=ECABE043CF1215893371463688933&cicmp=1337627&cijs=1&dast=V7dHsCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHcVhUFiE0WZDY0wWq-Fys5ktRoPJbDKabUZLmJjFYjEarlajsWaxWIwms9VwCgZb-Jzu7jZwoOl0-Fz3et3vdxcdLS-H6e20uyx3veXnlwMAAADAAwBRSzTEjm9DewQAAACABM_ItQJFQMW_hcAFAAAAAAYAgVi4BgAURwH7jXaXPwAAHhRAAAAEMEIADsEVRAAAAABGAAAAAEgABBILSwAc7hZNAAAC_mL_K51OAAAADupknrZZ_v___2MA8t6bZAAo0jZuDHoAHnwAHoQAAAA-hoi5Z63cwRQLiQpUixgBAAAA5FZvkh5N6oTKour____fCuAKACDgL_a_Mi3r5qSYNQwAAABgbIEeFr_f7LBr_G6X_f________-b_Z8BoAlBCT-mBTGg2KvxjFwrrP0CAgCwvRsAwJsAXMwB2AEAAADc_f___-cBAAAI7VGyvVbj2aOs9xls4XO6u-s3YYvRajLZLIez5WIyGI6Go9H-BHI5wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDTEg6pz6XxenYoH83E597ULHx9iuJpLFpu5YrWaK2ajVQIAAAAAAAAAWMKUeRMAAACA0yBms8lut-LGmz0TxFqtljUAAAAAt27kAA!&excid=22&tst=1&docw=0&cs=false
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

server
nginx
accept-ranges
bytes
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
x-served-by
cache-hhn4027-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1647958792.225085,VS0,VE114
content-length
0
st
imprammp.taboola.com/ Frame CC20
0
67 B
Document
General
Full URL
https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=B02133C1FC1226639681602768572&cicmp=1337627&cijs=1&dast=V7dvoCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHEKYLDabDWPGYUwms9lmOdvtFsvNajRZjpYwMYvFYjRcrUZjzWKxGE1mq-EUDLbwOd3dbeBA0-nwue71ut_vLjpaXg7T22l3We56y88vBwAAAIAHAKKWaIgd34b2CAAAAAAJnpFrBYqAin8LgQsAAAAADAACsXANACiOAvYb7S5_AAA8KIAAAAhghAAcgk-IAAAAAIwAAAAAkAAIJBaWADjcLZoAAAT8xf5XwpwAAAAc1Mk8bbP8____xwDkvTfJAFCkbdwY9AA8-AA8CAEAAHwM-cKS_njPqT8TFYgWMQIAAADIrd4kPZrUCZVF1f___78VwBUAQMBf7H9lUNbNSTFrGAAAAMDYAj0sfr_ZYdf43S77_________zf7PwNAE4ISfkwLYkCxV-MZuVZY-wUEAGB7NwCANwG4mAOwAwAAALj7____zwMAANDYo2R7rcazR1nvM9jC53R312_CFqPVZLJZDmfLxWQwHA1Ho_0J5HKAEzFYLieTxWS3Gq1Gm-FuNBssUCAGE6Ro0WCyGo0mi8lwNZqsZsvFbrdBilatZqPNYLiaTWa73Wo4GC5HI5ywxWg1mWyWw9lyMRkMR8PRaIgHVefS-bw6FQ_m43Luaxc-PsRwNZcsNnPFajVXzEarBAAAAAAAAACwhCnzJgAAAACnQcxmk91uxY03eyaItVotawAAAABu3cgB!&excid=22&tst=1&docw=0&cs=false
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

server
nginx
accept-ranges
bytes
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
x-served-by
cache-hhn4027-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1647958792.226119,VS0,VE9
content-length
0
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/ Frame D19A
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4502
x-xss-protection
0
date
Mon, 21 Mar 2022 23:13:42 GMT
expires
Mon, 04 Apr 2022 23:13:42 GMT
cache-control
public, max-age=1209600
age
54370
etag
4044455266028820542
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/ Frame E9DB
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4502
x-xss-protection
0
date
Mon, 21 Mar 2022 23:13:42 GMT
expires
Mon, 04 Apr 2022 23:13:42 GMT
cache-control
public, max-age=1209600
age
54370
etag
4044455266028820542
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame 039B
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1647958790&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1647958790503&bpp=1&bdt=390&idt=168&shv=r20220317&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=1619148827151&frm=20&pv=1&ga_vid=288048568.1647958790&ga_sid=1647958791&ga_hid=1115656681&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066432%2C31065702%2C44760495%2C31063247&oid=2&pvsid=3871871897982972&pem=22&tmod=415969553&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=aLQZDLGjzi&p=https%3A//www.threatminer.org&dtd=170
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:32:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
2820
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 13:32:52 GMT
st
imprammp.taboola.com/ Frame A0C3
0
53 B
Document
General
Full URL
https://imprammp.taboola.com/st?cipid=7991117&ttype=0&cirid=ECABE043CF121589451524359636&cicmp=1337627&cijs=1&dast=V7oWYCFgMx4ZFo0aUEZgQx4ZFo0aUEZgUAAAAGBugHHcVhUFiE0WZDY0wWq-FytBosZsPBZLUcrFZLmJjFYjEarlajsWaxWIwms9VwCgZb-Jzu7jZwoOl0-Fz3et3vdxcdLS-H6e20uyx3veXnlwMAAADAAwBRSzTEjm9DewQAAACABM_ItQJFQMW_hcAFAAAAAAYAgVi4BgAURwH7jXaXPwAAHhRAAAAEMEIADsFRRAAAAABGAAAAAEgABBILSwAc7hZNAAAC_mL_K2dPAAAADupknrZZ_v___2MA8t6bZAAo0jZuDHoAHnwAHoQAAAA-hqQ3G9idfCFqiApUixgBAAAA5FZvkh5N6oTKour____fCuAKACDgL_a_Mjjr5qSYNQwAAABgbIEeFr_f7LBr_G6X_f________-b_Z8BoAlBCT-mBTGg2KvxjFwrrP0CAgCwvRsAwJsAXMwB2AEAAADc_f___-cBAACE7VGyvVbj2aOs9xls4XO6u-s3YYvRajLZLIez5WIyGI6Go9H-BHI5wIkYLJeTyWKyW41Wo81wN5oNFigQgwlStGgwWY1Gk8VkuBpNVrPlYrfbIEWrVrPRZjBczSaz3W41HAyXoxFO2GK0mkw2y-FsuZgMhqPhaDTEg6pz6XxenYoH83E597ULHx9iuJpLFpu5YrWaK2ajVQIAAAAAAAAAWMKUeRMAAACA0yBms8lut-LGmz0TxFqtljUAAAAAt27kAA!&excid=22&tst=1&docw=0&cs=false
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/

Response headers

server
nginx
accept-ranges
bytes
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
x-served-by
cache-hhn4027-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1647958792.309874,VS0,VE12
content-length
0
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
adview.htm
rt3001.infolinks.com/action/
0
178 B
Image
General
Full URL
https://rt3001.infolinks.com/action/adview.htm?rid=3c640820-1335-4f96-93da-56f35757e8b9&bdc=1&midx=0&emd=NDI0fjY0MDI4Ml82NDM3NTI&rts=1647958792308&prod_t=d&jsv=1789.003-3.025&skin=sidebar&theme=lightBlue&sdata=license&scs=0ufidKdznN&rsd=OpPuJcyN72mzOx00Fnwoyd9zGwK4qoC-2CuOJ9GdGR3bifwmlhWyPUmlUKMjlldkHAYSJBTAE9JrcPK4HqiMf8UzLo7H5CgOyRMPNcSH3cv5fnwEcZrSiG3K40YFL3jOU8BiKsPlV4xFBH5qye4iMiergXF5QwoQo-KSigsMI3s&rsk=15&rcs=wxV5p7UxsEGyd9AXh3HmHw
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6eff90941b349978-FRA
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
node228.impressionssl.adshop.infolinks.com/impression/
37 B
221 B
Image
General
Full URL
https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1415704777&agy=414981&aid=637313&cid=640282&gid=643746&id=643752&st=1647958792&kwid=0&skw=license&sid=3241790_0&sip=3117783808&pid=15&tid=2&mime=image/png&dev=0&mtyp=502&agtyp=0&rid=3c640820-1335-4f96-93da-56f35757e8b9&idfa=&gaid=&site_cat=5&pixel=1
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.212.255.247 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
x-replied-from
199.212.255.222:26080
server
nginx/1.16.1
content-type
image/gif
cache-control
no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length
37
expires
0
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012203150226000/
23 KB
8 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-host-v0.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org&bust=31065702
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9479b3e3bef0f6427206cadb155b1f1e0197e6d87356db3a4dee7732273b2b80
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
76166
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8029
x-xss-protection
0
server
sffe
date
Mon, 21 Mar 2022 17:10:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"e862474745e2e7b9"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 21 Mar 2023 17:10:26 GMT
ping
links.services.disqus.com/api/
317 B
754 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
53c4e73aab9fe883d50f9493481dd5acde9e1b0d92fef922c1d3aa1788c9b8b3

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:52 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.threatminer.org
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
317
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
node228.impressionssl.adshop.infolinks.com/impression/ Frame EFA4
15 KB
15 KB
Image
General
Full URL
https://node228.impressionssl.adshop.infolinks.com/impression/?vh=1415704777&agy=414981&aid=637313&cid=640282&gid=643746&id=643752&st=1647958792&kwid=0&skw=license&sid=3241790_0&sip=3117783808&pid=15&tid=2&mime=image/png&dev=0&mtyp=502&agtyp=0&rid=3c640820-1335-4f96-93da-56f35757e8b9&idfa=&gaid=&site_cat=5
Requested by
Host: blank
URL: about:blank
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.212.255.247 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
455098e7d6ff4c0e0081a9248fd0b2c4aaaaec2b0b3b9af729d48252da4d60db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
x-replied-from
199.212.255.228:26080
server
nginx/1.16.1
content-type
image/png
cache-control
no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length
15611
expires
0
sync.gif
links.services.disqus.com/api/
43 B
375 B
Image
General
Full URL
https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:52 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif;charset=UTF-8
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
PMS.js
vidstat.taboola.com/PMS/2.2.1/
51 KB
16 KB
Script
General
Full URL
https://vidstat.taboola.com/PMS/2.2.1/PMS.js
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a9e402d2d19f1057cdea09b2152d8cfd35664182564595e19bb83916c1f00201

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront), 1.1 varnish
age
394933
x-amz-meta-mtime
1542789750
x-cache
Hit from cloudfront, HIT
x-amz-meta-mode
33188
content-encoding
gzip
content-length
15795
x-served-by
cache-hhn4027-HHN
last-modified
Wed, 21 Nov 2018 08:42:31 GMT
server
AmazonS3
x-timer
S1647958793.549577,VS0,VE0
etag
"57a7ebef371550a9ab54a2f0f82547af"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
access-control-allow-headers
*
x-amz-cf-id
1iIjkCCvqugiylTxHkliY6Bpu-6EzXa_PyvmNpxn5dciIm3YW7IVYw==
x-cache-hits
5609
bulk
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame 548E
0
275 B
XHR
General
Full URL
https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/bulk?route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
9
pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
server
nginx
x-timer
S1647958793.629457,VS0,VE9
x-served-by
cache-hhn4027-HHN
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.threatminer.org
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
css2
fonts.googleapis.com/ Frame D19A
4 KB
634 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 12:27:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 22 Mar 2022 14:19:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 22 Mar 2022 14:19:52 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D19A
205 B
229 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 08:39:29 GMT
x-content-type-options
nosniff
age
20423
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 22 Mar 2023 08:39:29 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame D19A
604 B
628 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 12:07:53 GMT
x-content-type-options
nosniff
age
7919
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 22 Mar 2023 12:07:53 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/ Frame D19A
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1dfe85a37ae1c79d3e9c52ef1ab91df405010640520a5ee23947929a91345b55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 12:06:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7988
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8384
x-xss-protection
0
server
cafe
etag
9346545009329832778
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 12:06:44 GMT
GR_klima_728x90_1.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/ Frame FC21
4 KB
1 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c46613d276c29b3a2c454805e4665b2ced97fe0b16adf72c922d1691267cc58
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
content-length
1424
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
date
Sat, 19 Mar 2022 23:06:04 GMT
expires
Sun, 19 Mar 2023 23:06:04 GMT
cache-control
public, max-age=31536000
age
227628
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
content-type
text/html
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame E9DB
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:12:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
433
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7871
x-xss-protection
0
server
cafe
etag
7397949449432438406
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:12:39 GMT
domains
links.services.disqus.com/api/
61 B
497 B
XHR
General
Full URL
https://links.services.disqus.com/api/domains
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
0078d80774959408efdbb3363e3de20f782102e5d79714e23166027efed773c5

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Tue, 22 Mar 2022 14:19:52 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.threatminer.org
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
61
Expires
Thu, 01 Jan 1970 00:00:00 GMT
bulk
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame 725C
0
66 B
XHR
General
Full URL
https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/bulk?tvi2=-2&route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.threatminer.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
10
pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish
server
nginx
x-timer
S1647958793.786362,VS0,VE10
x-served-by
cache-hhn4027-HHN
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.threatminer.org
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 0968
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufbIX2zNMUZjUNSWyTLgLy_24Pu6u5iAjq75FYr0ASRt_IdaQk30IffErqg8UAiVXRaCtsuiLvFVvWmQDZ5aiv&sig=Cg0ArKJSzL2byPi3hxE-EAE&id=lidar2&mcvt=1055&p=0,0,250,299&mtos=1055,1055,1055,1055,1055&tos=1055,0,0,0,0&v=20220321&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1382012186&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1647958790658&rpt=983&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
video-autoplay-detector.js
vidstat.taboola.com/video-autoplay-detector/1.0.0/
8 KB
3 KB
Script
General
Full URL
https://vidstat.taboola.com/video-autoplay-detector/1.0.0/video-autoplay-detector.js
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5b497b3dea8511b361da644850f9a576c982e26ce7b18754c5c82f50f4049024

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront), 1.1 varnish
age
1852851
x-cache
Hit from cloudfront, HIT
content-encoding
gzip
content-length
2210
x-served-by
cache-hhn4027-HHN
last-modified
Mon, 10 Jun 2019 11:55:53 GMT
server
AmazonS3
x-timer
S1647958793.818168,VS0,VE0
etag
"2fac39530c1c168282a35d1ab56450ed"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
dMQndaMYz4lAKRlFPrdUyMaueOEjTlwBX-FuhX2o7-w7PeNmsjlMEw==
x-cache-hits
18012
963b2bd78ec4af37edcfda9a372ce867.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
0
0

963b2bd78ec4af37edcfda9a372ce867.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
5 KB
6 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7b0c413bcb3674fc6edd5efdd7942e521fccae2795c7573a3285d8cb6c28fcbb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish, 1.1 varnish
age
870965
edge-cache-tag
500528341747144064097578862576342679755,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
500528341747144064097578862576342679755,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
112
expiration
expiry-date="Thu, 24 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
content-length
5536
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified
Mon, 21 Feb 2022 12:04:14 GMT
server
nginx
x-timer
S1647958793.824106,VS0,VE0
etag
"0e6d7a96188bd3fafd26c17d9f8d364d"
x-served-by
cache-bwi5075-BWI, cache-iad-kcgs7200176-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 5
5caf2e65bec1862417560f766e3017ed.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
0
0

5caf2e65bec1862417560f766e3017ed.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
29 KB
30 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
69d3945a8d076a254a46eacaee06ae6cf7db0306c8727fd7c451f23c3a2b26ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish, 1.1 varnish
age
1203154
edge-cache-tag
473510749030488951307065470310466400699,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
473510749030488951307065470310466400699,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
183
expiration
expiry-date="Sat, 12 Mar 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
HIT, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
content-length
29726
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified
Wed, 09 Feb 2022 05:23:19 GMT
server
nginx
x-timer
S1647958793.843526,VS0,VE0
etag
"0a4c867f6f6dfd844a117a9a44931b11"
x-served-by
cache-bwi5036-BWI, cache-iad-kiad7000038-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 4
fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
0
0

fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
11 KB
11 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish, 1.1 varnish
age
538287
edge-cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
182
expiration
expiry-date="Thu, 14 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
content-length
11244
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Mon, 14 Mar 2022 14:24:14 GMT
server
nginx
x-timer
S1647958793.853192,VS0,VE0
etag
"db036f3de24fd53ed87df577a05b01c0"
x-served-by
cache-bwi5029-BWI, cache-iad-kcgs7200058-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 353
fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
0
0

fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
11 KB
11 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/30_3_6010/infra/cmTagCUSTOM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Tue, 22 Mar 2022 14:19:52 GMT
via
1.1 varnish, 1.1 varnish
age
538287
edge-cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag
365836330699709642365401133871586342678,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining
100
x-envoy-upstream-service-time
182
expiration
expiry-date="Thu, 14 Apr 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache
MISS, HIT, HIT
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
content-length
11244
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified
Mon, 14 Mar 2022 14:24:14 GMT
server
nginx
x-timer
S1647958793.869064,VS0,VE0
etag
"db036f3de24fd53ed87df577a05b01c0"
x-served-by
cache-bwi5029-BWI, cache-iad-kcgs7200058-IAD, cache-hhn4027-HHN
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 1, 355
css
fonts.googleapis.com/ Frame AD2B
8 KB
892 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 22 Mar 2022 12:21:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 22 Mar 2022 14:19:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 22 Mar 2022 14:19:52 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame AD2B
2 KB
904 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:53:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1610
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 13:53:02 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/ Frame AD2B
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:12:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
433
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7871
x-xss-protection
0
server
cafe
etag
7397949449432438406
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:12:39 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame AD2B
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:07:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
758
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:07:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame AD2B
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:52 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame AD2B
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
333
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
c5c2d0ec538305d3144caccb9e9ba20c.js
www.gstatic.com/mysidia/ Frame AD2B
28 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/c5c2d0ec538305d3144caccb9e9ba20c.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
56b292bab6c777111694aa0bffda487c3108b1e83091ea8471e316272f9d1aff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 17 Mar 2022 03:21:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
471512
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11812
x-xss-protection
0
last-modified
Thu, 17 Mar 2022 03:07:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 15 Jun 2022 03:21:20 GMT
wclhchlxnktrbgxyp5r7.mp4
cdn.taboola.com/libtrc/static/video/t_PERFORMANCE_VIDEO_DEFAULT/v1620714746/ Frame 548E
254 KB
254 KB
Media
General
Full URL
https://cdn.taboola.com/libtrc/static/video/t_PERFORMANCE_VIDEO_DEFAULT/v1620714746/wclhchlxnktrbgxyp5r7.mp4
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8353939c18e5e60087a56330c04beccc678c088e8a94d613a91ebbffb9fd0308

Request headers

Referer
https://www.threatminer.org/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
iPiaD7vFxBYrnVM2pR84_w2Eli0UUa4.
via
1.1 varnish
etag
"a49074376651913305d0529d4006aaae"
age
45
x-cache
HIT
Content-Range
bytes 0-259804/259805
x-amz-replication-status
COMPLETED
Content-Length
259805
x-amz-id-2
I2SEhvtNsh35ZCIRcZm73qpwIUG0UzZY3xcstEz/4J4TAAdPuME9/nV+gqR+3R5bG7/edhlouS0=
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 11 May 2021 06:32:33 GMT
server
AmazonS3
x-timer
S1647958793.926267,VS0,VE1
date
Tue, 22 Mar 2022 14:19:52 GMT
x-amz-request-id
QNYEVB12XFM3KE34
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
video/mp4;codecs=avc1
abp
19
x-cache-hits
0
p2ir5zp3hsomahuoskft.mp4
cdn.taboola.com/libtrc/static/video/v1636621236/ Frame 548E
949 KB
950 KB
Media
General
Full URL
https://cdn.taboola.com/libtrc/static/video/v1636621236/p2ir5zp3hsomahuoskft.mp4
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
628c4ca6a2e9b9d5537bcb63c21f00a08db72948fadf002274908eac0c839f37

Request headers

Referer
https://www.threatminer.org/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
4ZVchzla.3qns74npXpEJ86MwRvO9TvZ
via
1.1 varnish
etag
"a2a9ca0c50f6fd644e369a50d94beb7f"
age
14
x-cache
HIT
Content-Range
bytes 0-971562/971563
x-amz-replication-status
COMPLETED
Content-Length
971563
x-amz-id-2
2eRoEuTK6klu4RC9rkc9XcHP5F5F+R5Vz8bjjdqcA2CMbARWET6rs8VpJW8DQYBRNyLUiV/z8WY=
x-served-by
cache-hhn4027-HHN
last-modified
Thu, 11 Nov 2021 09:00:44 GMT
server
AmazonS3
x-timer
S1647958793.929419,VS0,VE1
date
Tue, 22 Mar 2022 14:19:52 GMT
x-amz-request-id
67APG9V93434QWRN
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
video/mp4;codecs=avc1
abp
19
x-cache-hits
0
nw6ei68ixdmmglceadvk.mp4
cdn.taboola.com/libtrc/static/video/v1647513107/ Frame 548E
1 MB
1 MB
Media
General
Full URL
https://cdn.taboola.com/libtrc/static/video/v1647513107/nw6ei68ixdmmglceadvk.mp4
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ed69c80626dd979265437b824a8b0890becd990c7fce41a2b00167c985603cca

Request headers

Referer
https://www.threatminer.org/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
MaZ_9iQ60Fj6tWz1oDSKVGIZb6YTBZIM
via
1.1 varnish
etag
"e58c20c52c79de83680781d77c5950ec"
age
32
x-cache
HIT
Content-Range
bytes 0-1198416/1198417
x-amz-replication-status
COMPLETED
Content-Length
1198417
x-amz-id-2
p6aZ40JF0YGRSTo6yn/I6+M9Ax5n9y5SmTaFds62fZ2xkALwRxxzpjzndJ8L3eXs5/hwsoAoVNw=
x-served-by
cache-hhn4027-HHN
last-modified
Thu, 17 Mar 2022 10:31:56 GMT
server
AmazonS3
x-timer
S1647958793.929726,VS0,VE1
date
Tue, 22 Mar 2022 14:19:52 GMT
x-amz-request-id
2JD5VXC1WX14BK2W
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
video/mp4;codecs=avc1
abp
19
x-cache-hits
0
nw6ei68ixdmmglceadvk.mp4
cdn.taboola.com/libtrc/static/video/v1647513107/ Frame 725C
1 MB
1 MB
Media
General
Full URL
https://cdn.taboola.com/libtrc/static/video/v1647513107/nw6ei68ixdmmglceadvk.mp4
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ed69c80626dd979265437b824a8b0890becd990c7fce41a2b00167c985603cca

Request headers

Referer
https://www.threatminer.org/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
MaZ_9iQ60Fj6tWz1oDSKVGIZb6YTBZIM
via
1.1 varnish
etag
"e58c20c52c79de83680781d77c5950ec"
age
32
x-cache
HIT
Content-Range
bytes 0-1198416/1198417
x-amz-replication-status
COMPLETED
Content-Length
1198417
x-amz-id-2
p6aZ40JF0YGRSTo6yn/I6+M9Ax5n9y5SmTaFds62fZ2xkALwRxxzpjzndJ8L3eXs5/hwsoAoVNw=
x-served-by
cache-hhn4027-HHN
last-modified
Thu, 17 Mar 2022 10:31:56 GMT
server
AmazonS3
x-timer
S1647958793.929730,VS0,VE1
date
Tue, 22 Mar 2022 14:19:52 GMT
x-amz-request-id
2JD5VXC1WX14BK2W
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
video/mp4;codecs=avc1
abp
19
x-cache-hits
0
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 548E
254 B
726 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via
1.1 varnish
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
age
25526
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
yeuhtSaIHTRzn5Sb/BhoRbmorY6jlIGKTN3jBjNJ2gjscig6jQv3GZOmCUvDSqzUCzHWH69H00k=
x-served-by
cache-hhn4027-HHN
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1647958793.938206,VS0,VE0
date
Tue, 22 Mar 2022 14:19:52 GMT
x-amz-request-id
DM4PBFJ9QH08DD7N
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/png
abp
19
x-cache-hits
10831
s
googleads.g.doubleclick.net/pagead/drt/ Frame 903A
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Tue, 22 Mar 2022 14:06:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
780
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame E9DB
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:07:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
758
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1233
x-xss-protection
0
server
cafe
etag
16517525077337815633
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:07:14 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E9DB
118 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36708
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1647862282720048"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 22 Mar 2022 14:19:52 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 878B
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1

Response headers

x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
145
x-xss-protection
0
date
Tue, 22 Mar 2022 14:06:52 GMT
cache-control
public, max-age=3600
content-type
text/html; charset=UTF-8
age
780
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame FC21
9 KB
3 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:42:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2223
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Wed, 23 Mar 2022 13:42:50 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame FC21
26 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 14:22:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86268
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Tue, 22 Mar 2022 14:22:05 GMT
txt1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/txt1.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2438d75b3ecab8905611476dc704d6bb50a5222b60ff5bd79f7199b4661799a3
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2354
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
txt2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/txt2.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3a2d2b45c3c755e79fed20f4b82f45443e7046c319952ab22bcb3d5373f11569
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2136
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
zug_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
997 B
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/zug_1.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a86648a99fd78591b8847f3fe58fe7ba16309c4d1de013a1d01e07bfc8a94d65
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
997
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
zug_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
1 KB
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/zug_2.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b881bcdf2ea43a0920ac08c18a0bb5c6bad92c7413409caeef6c80246e352873
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1101
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
txt3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/txt3.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
691d52745e56549c713f2481d84dca4247372891b8541c4db4e1eae684c2fbac
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2460
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
txt4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/txt4.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d925e452c6b414143590afb638fc53f0f76954ece6a3146d5ec74787f4127897
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5632
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
txt5.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
3 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/txt5.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c6ce67f6ca4cb878b6bf9543d317fcb9b7b1e35d945ec2bedeed8351c7c812c6
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3067
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
txt6.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/txt6.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e99e3924496c43ef96bff070455e63d00a681e400cd93fa87e9e9215761e864e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1911
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
ice.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
8 KB
8 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ice.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d417e3e34e11cacb90b2183eb2730db4dbe7d63b7ed0bf3869b2ca77de9f8414
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8406
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
ice2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
7 KB
7 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ice2.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dabe55ab2224b685e65607238653b544cdad84b21f31fdac7a1a735c51a5904
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7494
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
CTA.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
957 B
988 B
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/CTA.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
df2fe4fc7d9a2c3bc843e0019a8d91701afa5059461c43de93494ace434bfa0b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
957
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
DBx.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/ Frame FC21
1 KB
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/images/DBx.png
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3325d5e8eba6ce383a5c52630091fa64254e836866666a55a39b85d61faddabc
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
227629
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1186
x-xss-protection
0
last-modified
Thu, 03 Mar 2022 13:51:33 GMT
server
sffe
date
Sat, 19 Mar 2022 23:06:04 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 19 Mar 2023 23:06:04 GMT
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 725C
254 B
354 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via
1.1 varnish
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
age
25527
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
yeuhtSaIHTRzn5Sb/BhoRbmorY6jlIGKTN3jBjNJ2gjscig6jQv3GZOmCUvDSqzUCzHWH69H00k=
x-served-by
cache-hhn4027-HHN
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1647958793.048932,VS0,VE0
date
Tue, 22 Mar 2022 14:19:53 GMT
x-amz-request-id
DM4PBFJ9QH08DD7N
cache-control
private,max-age=31536000
accept-ranges
bytes
content-type
image/png
abp
19
x-cache-hits
10832
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame FC21
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Mar 2022 14:19:53 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/ Frame E9DB
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220317/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
334
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6407
x-xss-protection
0
server
cafe
etag
6055885685211612390
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Apr 2022 14:14:19 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 903A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 22 Mar 2022 14:19:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:53 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 22 Mar 2022 14:19:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 878B
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 22 Mar 2022 14:19:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 22 Mar 2022 14:19:53 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 22 Mar 2022 14:19:53 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame 4657
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:32:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
2821
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 13:32:52 GMT
jot.html
platform.twitter.com/ Frame D638
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
80 B
635 B
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67AA) /
Resource Hash
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.threatminer.org
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
575055
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Tue, 22 Mar 2022 14:19:53 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Wed, 16 Feb 2022 18:46:17 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67AA)
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
80

Redirect headers

date
Tue, 22 Mar 2022 14:19:53 GMT
pragma
no-cache
server
tsa_o
status
302 Found
expires
Tue, 31 Mar 1981 05:00:00 GMT
location
https://platform.twitter.com/jot.html
content-type
text/html;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified
Tue, 22 Mar 2022 14:19:53 GMT
x-transaction
70acb86b19de5712
content-length
0
x-frame-options
SAMEORIGIN
x-xss-protection
0
x-content-type-options
nosniff
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
x-response-time
131
x-connection-hash
8ac1a01f73d0799f4081584eca9caf0ab38e2a234e4b06f6694122b1ee80b0a1
activeview
pagead2.googlesyndication.com/pcs/ Frame 06F3
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuQHyZD03NnWVO6HwKg0kROFiTQMWkjvW3jwJFj33U9UbosPApC3XN3eeuPCtBQ_0yd-USE8d_Awn_3UseBXIc_vL68DpnSuzaMdc0QqJB63o6948mwlQ&sai=AMfl-YTdK5OD-3XOe_KzuZifdMwds-icHoENpXwO56D6aSiV-suNY8TE9zA3mhLrtBw0gO9JPEM1rsbKp6BM&sig=Cg0ArKJSzOymlywwR7ppEAE&id=lidar2&mcvt=1038&p=0,0,200,1182&mtos=1038,1038,1038,1038,1038&tos=1038,0,0,0,0&v=20220321&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2644663765&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1647958790674&rpt=1408&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all
csm.eu.criteo.net/ Frame 24A7
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=iSUpgbOaLfYm41xtKn4rE-uEcEmSPUnxt4dAjIBpWcmJsmD8nLSkSy-rbM0GfgIQKFfUpkhLiFYYvR_aVt2HTCXv6RrAVBNbRZRGV7GXGm5jIqmBeLLrM9CjvL5KzRjj586KcBMlvrZKcPTDuutuwMCsdmwa5j1KVaByj2m5E5C3J5XJsPUWqDuW4fIzpn1QoD30d2-tyGdrCnf-RPjAimNEinQBIUiYj78t-lGZMI4pT4dsLu_e3SDjDH4ERFaL1XGq4Q&sds=2&rev=80956&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YjnbBgALJNQIu8ZKAACOAR93n3iKa0OY_VSalw&u=%7CEqx3jKV1DZXJNqL%2FvmTofLMhp4jJnXGjxAPA4gjvkrc%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpMoZ3wmmJmKy__U_jolI7iL-L4oo_FnJwhiD6XEKNVdGPbb-6J8D005IDm9Rql_SVJGy9NVdCAfiWII0YZM3VSSfF4RZOXBcp4xRDprOO4fbJpclnaPC-RTWwsQ7G7XiDgHbICEQxcjlMOmjG_Z_XKXolG-gcOr47qM6mQv-5KkQmuYwE7P6nmsoyDUH-zAbgl-nVrnWvtIFTxwYsxV5mY8nrt-NgOJPYfqHr3ss2q9Fze9x2eRN3wEHmcTjwhFJD9u9TjMZmFPrU_jZYRwcvNQv1fKRM70qu9wZGYbThHREvFm2iGI2CKe7TR-eRiml2xoJwQXkgmLlnbC1XgTFGjNFO1y14Qlvrqxj-RJ-Bsu-8mgq0IwCf1fO8tndQIWkK7Nmw09I0YbgftwT7VZRNVb&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEuvkBts5YtTJLMqM7_UPgZyCqAvJntKxXL2Ol_dwwI23ARABIABgleKQgqAHggEXY2EtcHViLTU3MjA3NjMyNzE1MzIzNzegAdW20uoDyAEJqQLL5yCrq22yPqgDAaoE1gFP0BUCmFBu3XLj-qSG5nNj5RTgTDVKgCPHv7Gxfy2CW257-dm0yM98bVy70zhEWC7Gyc_mwqhqjJ-xmVIWWeyTgzXvzIv8z6ZEsenllbmK4OLCCrtpwTmjHYfjw2bt_OC76jPtD7uiWALa86WSrd3BfhzxR0RgLfbGf_Xe3AJ75pYFUAlkfWbkUo7oXBd0yEKQm8LmYp-wk7wlrwztS8SKFOUkOznr_Efftkyf1FL6-mh8K7lmFs9PMui1SPR1oFDGRAuIIm2HweMKtOThfwQZWifP26w3gAbUoIrLpJuoo2ygBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1eKWicQTeBrxt2UvIc0uNQ3ABpMQ%26client%3Dca-pub-5720763271532377%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 22 Mar 2022 14:19:52 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
cds-pips.js
cdn.taboola.com/scripts/ Frame 548E
2 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding
gzip
etag
"3aa74dbf5cd656dbb65deda2d238ddbd"
age
1375
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
911
x-amz-id-2
3ooERr0EdY38VCsujzdBLxFyMxxIwT9TvmjmUUsyE7y0ZsXAo3xsmgaOj6Q8i0uVgL3KsmWI/jru4l7xGcurVg==
x-served-by
cache-hhn4027-HHN
last-modified
Wed, 14 Jul 2021 05:06:01 GMT
server
AmazonS3
x-timer
S1647958793.439071,VS0,VE0
date
Tue, 22 Mar 2022 14:19:53 GMT
vary
Accept-Encoding
x-amz-request-id
WS5T00GB0CFS2RGF
via
1.1 varnish
cache-control
private, max-age=3600
accept-ranges
bytes
content-type
application/javascript
abp
19
x-cache-hits
3288
eid.js
cdn.taboola.com/scripts/ Frame 548E
14 KB
5 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/eid.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
Rgk6TX83.a2Xbi9.mRUycMEPnxVzEJhe
content-encoding
gzip
etag
"f7917ed1eb799a729725a7db50d1f828"
age
23968
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
5258
x-amz-id-2
EwjnA1m7DFjnk4Q/HTHhIyhScuXOn45gr6W3OjlUeJRdijSn84zkGq2a9MhWZXCEkR6K5jj11w0=
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 28 Dec 2021 08:10:40 GMT
server
AmazonS3
x-timer
S1647958793.439145,VS0,VE0
date
Tue, 22 Mar 2022 14:19:53 GMT
vary
Accept-Encoding
x-amz-request-id
2NXV5CRDB1RZETY5
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript
abp
19
x-cache-hits
80270
cds-pips.js
cdn.taboola.com/scripts/ Frame 725C
2 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding
gzip
etag
"3aa74dbf5cd656dbb65deda2d238ddbd"
age
1375
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
911
x-amz-id-2
3ooERr0EdY38VCsujzdBLxFyMxxIwT9TvmjmUUsyE7y0ZsXAo3xsmgaOj6Q8i0uVgL3KsmWI/jru4l7xGcurVg==
x-served-by
cache-hhn4027-HHN
last-modified
Wed, 14 Jul 2021 05:06:01 GMT
server
AmazonS3
x-timer
S1647958793.479022,VS0,VE0
date
Tue, 22 Mar 2022 14:19:53 GMT
vary
Accept-Encoding
x-amz-request-id
WS5T00GB0CFS2RGF
via
1.1 varnish
cache-control
private, max-age=3600
accept-ranges
bytes
content-type
application/javascript
abp
19
x-cache-hits
3289
eid.js
cdn.taboola.com/scripts/ Frame 725C
14 KB
5 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/eid.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20220319-2-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
Rgk6TX83.a2Xbi9.mRUycMEPnxVzEJhe
content-encoding
gzip
etag
"f7917ed1eb799a729725a7db50d1f828"
age
23968
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
5258
x-amz-id-2
EwjnA1m7DFjnk4Q/HTHhIyhScuXOn45gr6W3OjlUeJRdijSn84zkGq2a9MhWZXCEkR6K5jj11w0=
x-served-by
cache-hhn4027-HHN
last-modified
Tue, 28 Dec 2021 08:10:40 GMT
server
AmazonS3
x-timer
S1647958793.479307,VS0,VE0
date
Tue, 22 Mar 2022 14:19:53 GMT
vary
Accept-Encoding
x-amz-request-id
2NXV5CRDB1RZETY5
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript
abp
19
x-cache-hits
80271
/
pips.taboola.com/ Frame 548E
64 B
243 B
XHR
General
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ae86f4dd65c4e172b6835e3ca7199ba5775404599a4a4ddafb1df68280c4fdcb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:53 GMT
via
1.1 varnish
server
Varnish
x-served-by
cache-hhn4023-HHN
access-control-allow-methods
GET
access-control-allow-origin
https://www.threatminer.org
cache-control
no-store
x-cache
HIT
accept-ranges
bytes
content-length
64
retry-after
0
x-cache-hits
0
J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
pagead2.googlesyndication.com/bg/ Frame FC21
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/J_qxQZjuUB_uQp7BvnBI0K8a5e4rJKdHhykRiRTCxyY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 13:32:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
2821
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13888
x-xss-protection
0
last-modified
Mon, 14 Mar 2022 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Mar 2023 13:32:52 GMT
/
pips.taboola.com/ Frame 725C
64 B
99 B
XHR
General
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ae86f4dd65c4e172b6835e3ca7199ba5775404599a4a4ddafb1df68280c4fdcb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:53 GMT
via
1.1 varnish
server
Varnish
x-served-by
cache-hhn4023-HHN
access-control-allow-methods
GET
access-control-allow-origin
https://www.threatminer.org
cache-control
no-store
x-cache
HIT
accept-ranges
bytes
content-length
64
retry-after
0
x-cache-hits
0
/
cds.taboola.com/ Frame 548E
0
155 B
XHR
General
Full URL
https://cds.taboola.com/?uid=3d096272-be93-45f5-80ec-523e23651b93-tuct9336086&uad=d8f4f7589e5ecac8f3938b7c06d4496f218a7e0c6ab4eb15596d9c6a3c351367
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 22 Mar 2022 14:19:53 GMT
Cache-Control
no-store
Server
nginx
Connection
close
/
cds.taboola.com/ Frame 725C
0
155 B
XHR
General
Full URL
https://cds.taboola.com/?uid=9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086&uad=d8f4f7589e5ecac8f3938b7c06d4496f218a7e0c6ab4eb15596d9c6a3c351367
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.threatminer.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 22 Mar 2022 14:19:53 GMT
Cache-Control
no-store
Server
nginx
Connection
close
activeview
pagead2.googlesyndication.com/pcs/ Frame 85FF
42 B
64 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstn4ZdWI-07Y9LfPvaCzk-duqXUBzMwJs6b-Kti4Mgx4Og75NKEnLjzvurw7CXVNaPgbGAsk4OkNCsKjkyVAW6oDzUXMki6UAHyvz3e7REkRTDRw1KI4g&sai=AMfl-YSqKWZVxp4QXNjjrRXEvdPB09AYt6MBq9o11z0Z9ApZthwXbxZnvdsDKqW7y2jgGcNJDrxqaEECkEe9&sig=Cg0ArKJSzAu65pDC5wkHEAE&id=ampim&o=0,735&d=299,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=2115&tls=3115&g=77.49999761581421&h=77.49999761581421&tt=3115&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=2989800909
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 22 Mar 2022 14:19:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
pix.eu.criteo.net/img/ Frame 648B
2 KB
2 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=800&s=HYbmSDVtbe5wAnm1TH3AhaIB&b=800
Requested by
Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 22 Mar 2022 14:19:54 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1951063
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
1584
expires
Thu, 14 Apr 2022 04:17:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
reporting.services.disqus.com
URL
https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22bottom%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-b&position=bottom&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790766
Domain
reporting.services.disqus.com
URL
https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790775
Domain
sync.inmobi.com
URL
https://sync.inmobi.com/oRTB?redirect=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fim-usync%3Fuid%3D%7BID5UID%7D
Domain
images.taboola.com
URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/963b2bd78ec4af37edcfda9a372ce867.png
Domain
images.taboola.com
URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5caf2e65bec1862417560f766e3017ed.jpg
Domain
images.taboola.com
URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg
Domain
images.taboola.com
URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/fc47205c0ca2dce69b72d3f6b5ea6e0f.jpeg

Verdicts & Comments Add Verdict or Comment

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 function| structuredClone object| oncontextlost object| oncontextrestored string| GoogleAnalyticsObject function| ga object| adsbygoogle function| disqus_config function| $ function| jQuery object| __twttrll object| twttr object| __twttr object| jQuery1124026947816000273717 undefined| _ function| setImmediate function| clearImmediate object| __core-js_shared__ object| pdfMake function| createPdf function| JSZip function| check_have_i_been_pwned function| getData function| getReportData function| getReport function| find_reports function| show_report function| checkForm function| createCookie function| readCookie function| eraseCookie object| SocialShareKit number| infolinks_pid number| infolinks_wsid object| $iceboot object| INFOLINKS object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| DISQUS object| googletag object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map string| google_user_agent_client_hint function| _typeof object| $ice object| $infolinks function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| __gcse object| google_image_requests number| $iceId object| TRC number| taboola_view_id object| module$exports$cse$search object| module$exports$cse$CustomImageSearch object| module$exports$cse$CustomWebSearch object| google object| module$exports$cse$searchcontrol object| module$exports$cse$customsearchcontrol function| _googCsa number| nextSearchboxId number| googleNDT_ number| googleAltLoader function| __sasCookie object| _google_rum_ns_ function| mb function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| module$contents$ima$CompanionAdSelectionSettings_CompanionAdSelectionSettings object| ima object| module$contents$ima$AdsRenderingSettings_AdsRenderingSettings object| module$contents$ima$AdCuePoints_AdCuePoints object| module$contents$ima$AdError_AdError object| module$contents$ima$AdErrorEvent_AdErrorEvent object| module$contents$ima$AdEvent_AdEvent object| module$contents$ima$AdsManagerLoadedEvent_AdsManagerLoadedEvent boolean| __v5k function| vl_cB function| vl_disable function| vglnk_16479587917486 object| vglnk object| google_llp function| ILVideo object| cmTag undefined| vglnk_16479587923617 function| webpackHotUpdate function| startCMTagMain object| _taboola undefined| vglnk_16479587927749 object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP

56 Cookies

Domain/Path Name / Value
www.threatminer.org/ Name: PHPSESSID
Value: lhqhil0qmcsopk1jo4832kgbb6
.threatminer.org/ Name: _ga
Value: GA1.2.288048568.1647958790
.threatminer.org/ Name: _gid
Value: GA1.2.663742177.1647958790
.threatminer.org/ Name: _gat
Value: 1
www.threatminer.org/ Name: logglytrackingsession
Value: 502eb830-a2f1-4201-aaf0-c217dbf1eecd
.infolinks.com/ Name: cuid
Value: bd667326-8c77-4db9-b2f4-810b96b9bf92
.threatminer.org/ Name: __gads
Value: ID=d22323cc57c8dc71-229cf8cf62cd00e8:T=1647958790:RT=1647958790:S=ALNI_Mbh805SH0LOXCb3S1Xd4Td93RrNYw
.adnxs.com/ Name: uuid2
Value: 2843408346336645752
.yahoo.com/ Name: A3
Value: d=AQABBAbbOWICEEGPaYzOTTtcpq7cEn-lw7MFEgEBAQEsO2JDYgAAAAAA_eMAAA&S=AQAAAvMJFfG2ZXvg912NIVMxZJc
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.casalemedia.com/ Name: CMID
Value: YjnbBjS4PehpXSLSwhYw9AAA
.casalemedia.com/ Name: CMPS
Value: 3269
.pubmatic.com/ Name: SyncRTB3
Value: 1649116800%3A220
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 8B767A46-5061-4AFF-80C5-9BF67C1CEA96
.casalemedia.com/ Name: CMPRO
Value: 1135
.360yield.com/ Name: tuuid
Value: 92a6f32d-36da-44dc-87a9-9edb1dba7fe8
.360yield.com/ Name: tuuid_lu
Value: 1647958790
.advertising.com/ Name: APID
Value: UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
.cpx.to/ Name: cpSess
Value: 1bded078941ff588
.cpx.to/ Name: dsp_app_nexus
Value: 2843408346336645752#1647958790976
.casalemedia.com/ Name: CMST
Value: YjnbBmI52wcA
.infolinks.com/ Name: ANUSERCOOKIE
Value: 2843408346336645752
.infolinks.com/ Name: VRUSERCOOKIE
Value: y-kNpO2QxE2uGKC2x9nFN8X4Ste.riUF8Ew15h9Oo-~A
.scorecardresearch.com/ Name: UID
Value: 1D32953427990a5f6d674e81647958791
.analytics.yahoo.com/ Name: IDSYNC
Value: "192u~23we:18xp~23we"
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFslzmtoZmJuaWphbmloYGEBABnSKDoQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0NjQwNzc3MrA0NbMwMwCyhfgMdVNLXXLDoizSk_I9HQF6BtxkJQAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0NjQwNzc3MrA0NbMwMwCyhfgMdVNLXXLDoizSk_I9HaV4Dc1MzC1NLcwtDQ0szAF1yR9TNAAAAA
.infolinks.com/ Name: IMDUSERCOOKIE
Value: 92a6f32d-36da-44dc-87a9-9edb1dba7fe8
.infolinks.com/ Name: OUTHUSERCOOKIE
Value: y-xfH7ugBE2uG1NOdTrho4IENi3HgFJwtj~A~UP22de5ea8-a9eb-11ec-8372-02e24adefb4c
.infolinks.com/ Name: IXUSERCOOKIE
Value: YjnbBjS4PehpXSLSwhYw9AAA&1135
.brand-display.com/ Name: _knxq_
Value: 6f272d75-955e-dd6c-c2975258.1647958791.0.1647958791.1647958791
.bidr.io/ Name: bito
Value: AACXR07Ec7YAADH5JbgpTg
.bidr.io/ Name: bitoIsSecure
Value: ok
.doubleclick.net/ Name: IDE
Value: AHWqTUkjxOAGAgnY_s5_FTskmT5vUmJakygOvs19iT831TnjI7R6avg55NNhf8OEg38
.pubmatic.com/ Name: PUBMDCID
Value: 3
.infolinks.com/ Name: ZTUSERCOOKIE
Value: 5131077720956860077
.pubmatic.com/ Name: pi
Value: 156872:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 3
.casalemedia.com/ Name: CMRUM3
Value: 2d6239db0605a0&b06239db0605a00&276239db060b40&be6239db0605a0&826239db072760AACXR07Ec7YAADH5JbgpTg&f16239db0605a0&e66239db062760&bf6239db0727606f272d75-955e-dd6c-c2975258
.infolinks.com/ Name: KADUSERCOOKIE
Value: 8B767A46-5061-4AFF-80C5-9BF67C1CEA96~1647966567265
www.threatminer.org/ Name: trc_cookie_storage
Value: taboola%2520global%253Auser-id%3D9e8e1b47-4874-4f05-b886-a8ca805928a4-tuct9336086
.www.threatminer.org/ Name: __gsas
Value: ID=6752bf4ed4cfb6e7:T=1647958791:S=ALNI_MYBXL1M_tyAxKuVKaUxyxGu2oRblA
.infolinks.com/ Name: PUBMUSERCOOKIE
Value: 8B767A46-5061-4AFF-80C5-9BF67C1CEA96
.adsrvr.org/ Name: TDID
Value: 2ba16ead-3562-48a7-81d7-cfa46fe93e17
.tapad.com/ Name: TapAd_TS
Value: 1647958791883
.tapad.com/ Name: TapAd_DID
Value: 121a9a89-9803-4310-a53f-0f0f2ff1d99b
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwj0mvequIbGOhAFOAE.
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-55f5cc61-5e33-4350-845d-8732829256fd-003%22%2C%22nxtrdr%22%3Afalse%7D
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-55f5cc61-5e33-4350-845d-8732829256fd-003%22%7D
.threatminer.org/ Name: fc
Value: %7B%22NDI0fjY0MDI4Ml82NDM3NTI%22%3A%221%3A1647958792307%22%7D
.threatminer.org/ Name: pv
Value: %7B%22d%22%3A%221%3A1647958792307%22%7D
.doubleclick.net/ Name: DSID
Value: NO_DATA
.infolinks.com/ Name: tv
Value: |NDI0fjY0MDI4Ml82NDM3NTI~1
.infolinks.com/ Name: R1USERCOOKIE
Value: RX-55f5cc61-5e33-4350-845d-8732829256fd-003

7 Console Messages

Source Level URL
Text
network error URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
javascript error URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Message:
Access to XMLHttpRequest at 'https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22bottom%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-b&position=bottom&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790766' from origin 'https://www.threatminer.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22bottom%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-b&position=bottom&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790766
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.threatminer.org/sample.php?q=56e008e903a7e3a3b98e19f313435afe
Message:
Access to XMLHttpRequest at 'https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790775' from origin 'https://www.threatminer.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://reporting.services.disqus.com/_log/taboola?placement=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&is_taboola_named=false&language=en&colorscheme=light&typeface=sans-serif&variant=fallthrough&forum_id=5993718&source_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3D56e008e903a7e3a3b98e19f313435afe&organization_id=4448595&taboola_publisher_name=disqus-widget-safetylevel20longtail09&experiment=network_default&mode=thumbnails-a&position=top&shortname=threatminer&referrer_url=https%3A%2F%2Fwww.threatminer.org%2F&canonical_url&q=56e008e903a7e3a3b98e19f313435afe&1647958790775
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://googleads.g.doubleclick.net/pagead/html/r20220317/r20110914/zrt_lookup.html?fsb=1(Line 22)
Message:
The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11177003524201462228/GR_klima_728x90/GR_klima_728x90_1.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
a.disquscdn.com
abs.twimg.com
ad.360yield.com
ads.eu.criteo.com
adservice.google.com
adservice.google.de
ap.lijit.com
b1sync.zemanta.com
c.disquscdn.com
cat.nl.eu.criteo.com
cdn.ampproject.org
cdn.syndication.twimg.com
cdn.taboola.com
cdn.viglink.com
cds.taboola.com
clients1.google.com
cm.g.doubleclick.net
cse.google.com
csm.eu.criteo.net
de.tynt.com
disqus.com
dmp.brand-display.com
dsp.adkernel.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.creativecommons.org
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
images.taboola.com
imasdk.googleapis.com
imprammp.taboola.com
licensebuttons.net
links.services.disqus.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
node228.impressionssl.adshop.infolinks.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pbs.twimg.com
pips.taboola.com
pix.eu.criteo.net
pixel.advertising.com
pixel.tapad.com
platform.twitter.com
referrer.disqus.com
reporting.services.disqus.com
resources.infolinks.com
router.infolinks.com
rt3001.infolinks.com
rtb.fr.eu.criteo.com
rtb.nl.eu.criteo.com
s.amazon-adsystem.com
s.cpx.to
s0.2mdn.net
sb.scorecardresearch.com
secure-gl.imrworldwide.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
static.criteo.net
sync.1rx.io
sync.go.sonobi.com
sync.inmobi.com
sync.targeting.unrulymedia.com
syndication.twitter.com
tempest.services.disqus.com
threatminer.disqus.com
ton.twimg.com
tpc.googlesyndication.com
track.seadform.net
trc.taboola.com
u.openx.net
ups.analytics.yahoo.com
vidstat.taboola.com
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagservices.com
www.gstatic.com
www.threatminer.org
images.taboola.com
reporting.services.disqus.com
sync.inmobi.com
104.244.42.72
141.226.224.32
142.250.181.226
142.250.186.34
151.101.0.134
151.101.1.44
172.66.41.9
174.137.133.49
178.162.133.149
178.250.0.139
178.250.2.148
178.250.2.150
184.30.20.241
185.64.189.110
193.0.160.128
198.47.127.18
198.47.127.20
199.212.255.247
199.232.192.134
199.232.192.64
199.232.194.49
199.232.196.134
199.232.196.64
209.54.180.144
213.19.147.45
216.52.2.19
2600:9000:2057:8600:6:8656:f5c0:93a1
2600:9000:206f:c00:1e:a43d:b640:93a1
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:233:7ee2:97c:ab4c:6c70:be36
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:9710
2606:4700:20::681a:5d6
2606:4700:20::681a:feb
2606:4700::6810:a40d
2a00:1450:4001:800::200a
2a00:1450:4001:802::2002
2a00:1450:4001:808::200e
2a00:1450:4001:809::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2003
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::200e
2a02:2638:1::11
2a02:2638:1::2
2a02:2638::2
2a02:2638::3
2a04:4e42::300
3.126.56.137
3.33.220.150
34.111.151.213
34.98.64.218
35.227.248.159
37.157.2.239
37.252.172.37
38.27.122.101
38.91.45.7
50.31.142.223
51.75.86.98
52.30.111.237
52.31.243.45
52.59.41.116
67.202.105.24
67.202.105.33
99.80.176.170
99.86.7.38
0078d80774959408efdbb3363e3de20f782102e5d79714e23166027efed773c5
00d8a7baf470f53edf147b35b3642edbffb15548bd353869d2bcfddff5b18147
00f24d35adc5a60b6457d6b9ccd31e654cf3f8f8c76b4cc668be2a46834d1fce
058b7f33a61ef0de50995d1e74f6d171f0923c3305824a47bf588c6c4cf2fd8a
06e4108ed045249eeec3ffd0b0520922f0b46eaf1d5a54db1bf9dc549ff7dc80
0719dc7da4a6300d136e33db60c72ca75e1e22de59752410b237ff63401707ec
07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0a560a3cf9eb076812dd9915d939ffd6f6a09b935749169ddc6dd875efe599c6
0b13f84a6dde5e31b8a9e05852d609f5aa9d41b1b86c26d2d4f773b7dca0a675
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0d59fe84b6f62a4dae19c39889a0c4da2f2ab5f6d11bdbb1069d5bd6ed17bd32
0df35dc4906a0b5425ab3e2dd3e7b4aee3c01734f8966c3f38aade193df6bbca
0f8e2e5d76ec34f9ceaa02cd4a2e7850080b4c87fcbcfc645cc62a317304e736
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
106f36a58408c097b1febcc9f0fe8fdf3dc79fb29b120f06e2172dcc1ac0c921
13da23e323658067823edcbc9f6033522a57cbe4325eb72470ab93f6c77f5c38
13e68e27467c0153e0ccc25ec44b611d871cde24469f22c06b442d6ad9cf0b53
13ecb0102d7c88c80852077beeaac9e53fb33e8b1ab4006dc267a84161702cce
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1a1fda99cdd8bbe705bc66a681a248975154bee13fb350978472fa20b0f513be
1aeceef378724433f1a66549d593a39a79cf997c78cbde925187be550d58ee68
1de1b94f2eb27f99f30e3a3afdfc9db5333cca95520d2342b73ee5db60fd8bae
1dfe85a37ae1c79d3e9c52ef1ab91df405010640520a5ee23947929a91345b55
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1ebb3517513b70fa9a58d0987ea7d7860da4476152593154ddc7274df199258c
1ed4c8a8cbe31d3903b2903265b1b5df60688fb01475d5097e9bb942df8e078b
1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
23d73e82db2eacc7b04298fa1be270e911f33c8b5289f29b3293c1676ad5b40d
2438d75b3ecab8905611476dc704d6bb50a5222b60ff5bd79f7199b4661799a3
268dfb1131e147b12fe728c27f9e8186fa739a25a9ab7d70946d9e8d1d5b597a
26b455d05301acda19c24cf35fa5aec0945bf50244421d00678502a785d33393
27fab14198ee501fee429ec1be7048d0af1ae5ee2b24a7478729118914c2c726
28350b1ee2c38c7a5eb134d520dedd01ab578d81c2ebe814e63e5d212c6ab1f1
28dd16c670efe7d607a46f8232d78b0c8470d2b9395042a6cd18254f6fcc4199
299ea571b2d2696bc505f52435e0b2948e1fc7065a72d2b5a9f438ad18f2c278
2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9
2c2744fe747215e6a27c0eddb2b548eba36d35c5baa0a8b856ccf56a5c31d2ec
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
2eebf35211143c8364122917c63490e1f22a4ca895a8e50e1f3ab840943cbcec
31844a6a9bdbed5ea86ca5f91a6837fdf9fad712f9f163a98d2f053b6727efcc
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
3325d5e8eba6ce383a5c52630091fa64254e836866666a55a39b85d61faddabc
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3440a4ed11dc3850b1dba284faede277b2ab478291db867f46a2742ea8d646c6
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3a2d2b45c3c755e79fed20f4b82f45443e7046c319952ab22bcb3d5373f11569
3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b
3c40772a7d96d171b5675d99dae36bfd06e41272fdfdb9e7aa583802b3211532
3d56f2bc68d9d190a05df1dc24bd2653eaff3c20660fa4e8b4fda71ebd8ada64
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f20c78edf350544b354f8245729db4c74f21682d2f6669114bee39346548129
42c9e4f9d8c14ea0ecac49e147f029a6bb58b69e544bd63667e5b0e64169f631
44c4835adccc8a59b074ef388191535b8d7ba76e63bb89e959057a6e81827b31
455098e7d6ff4c0e0081a9248fd0b2c4aaaaec2b0b3b9af729d48252da4d60db
45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966
46b665aec587754215aca2c2e84218bef73ed2bb059fed084caef1df300a0008
47f4726d397a53427c2057a941a24dfe03156a6b6be251a47ddb1cbbc59745bf
48c9a4d4aa290a866126159687441006eb39adf48ae31e1910aa0f21e0b21376
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
497784962396c3e6376fbec9dbde4406909d5dead68a80102ef8773286575e13
49c20df08217f7af46d30047436e74bf3adc75f5a64bcd6226e9823b0b864c04
4a2266339c6f702080a356cb4823f95f42dfb25eb49dc3b5f6d56711761379a6
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d9e28bf1814e0986b8e5b001e2c8d55d164f9cf8ee3ddc1ccf5560fe7053b66
4dc8736a1f88ba8b83372678be7d33ec790a58f91125c1794c65219d533e891a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eafe722db0cddc9c3d79cc271e97598833c51f463faeb0b8f3a40f4db83c6f1
50d6e541020cbfdddf888aa2c42ad1c8d2296f9045709983354441032e2eb55d
513db1539e2636a80095ea5400aba7f55aa44b4d78eb0440cc87b6d693cf6090
53c4e73aab9fe883d50f9493481dd5acde9e1b0d92fef922c1d3aa1788c9b8b3
547db896422820a406f6c849460bd878aeff86944dd36992300a2b342decd91e
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54b76b9b87735b56615ee85736257872299a9badb32e1d31ed70f3f26a954158
54c83065ce4764478e5412fcded3e3fe0309429eedc34211fabf373ea9cba097
558e624c6b2b348a585985d9204bf4c76539d9b66a40f9fb0c6c23d341f5468b
56b292bab6c777111694aa0bffda487c3108b1e83091ea8471e316272f9d1aff
5a7b3090bd9f8835e6add21f9c4e519a19af8fcedb40d3e9488d0e5e23a2fe36
5b497b3dea8511b361da644850f9a576c982e26ce7b18754c5c82f50f4049024
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f82d10b244c0811546fce6bc98e767655bceee2b7f41c6b41aef2e630a1ace8
5f927aafbd390915d4b143333d53ec5e5c70cb14b33e1f39bae3555ee6be1685
605eefd6f113ffc50e197d237861a4fbfefc52a781370ed5ad047e2e32632091
60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273
622165818dbe4d9b4ba1d82a9da69ce79204e89ca9cbb27cff3e7b4f40384509
6258018e9f890f2383a09a2be6df7792affd977d856e7247ace8341f5b5487f0
628c4ca6a2e9b9d5537bcb63c21f00a08db72948fadf002274908eac0c839f37
639665b9e97aad7d30114d5b9b4d4b391d1ee6e870fd4515ec28e5a24c22863a
65419e5f1266cd94c03d8768df25bc06685d976170ca30809939f90875b8f288
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68f30b9bd309413b1274d8023504d62a9bed9a1333802a314071ecf6acd7580e
691d52745e56549c713f2481d84dca4247372891b8541c4db4e1eae684c2fbac
697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4
69d3945a8d076a254a46eacaee06ae6cf7db0306c8727fd7c451f23c3a2b26ce
6bfdbf5f5eec59ff6ec78cb4fa062c0797c9e9e8a0e8b39740bc6e67aa33c7d3
70f157c3fb7e1d05c83d4f8f269d9c6b67203e37863329eefc5202b97af308cc
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7b0c413bcb3674fc6edd5efdd7942e521fccae2795c7573a3285d8cb6c28fcbb
7bbd6a2a9e83ef6984e0fc21ad571691780777e0b4b894daf3455748e117554f
7be5f63793eef79dfde6edc1d8e29918e831ac49766cdc8f03960efd1550fa74
7c4546e022f2c24eb7014a2f977c0ca617e9bd3d44d217abdaa6c511e16c6efa
7dabe55ab2224b685e65607238653b544cdad84b21f31fdac7a1a735c51a5904
7f0c1f19b130d4562fa0a60a6a3b3d2d6d8cbb7048ba045c1c3f3f6579bac7e6
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33
8353939c18e5e60087a56330c04beccc678c088e8a94d613a91ebbffb9fd0308
8771f93d2878d5532147d7d5356893babf64c7097f2cc390e4c0c8a61ac537b3
8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e
8875e0e5a0f6bfaf4d66fde0622a609e9fe7b599adaef3ad01d6d613574c69b1
8882c05ade8d73602a50fccfc5e3d2ad0ff2427e6c7adafc2d8f13a1da7f1ec4
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
88de0c9ca1d26447fa0b512503be596f6388d5ca75f356674b195810b61068c8
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
91b4ac439a88193b25a302f46fc9a2b0c5455ca4b1f30b7406a541fbc6201200
91ccad943b75171869dacbe5c42de58887b92a1d9fbc567651ade87e7193984d
9219490d546d2ec3d3d040fd4f08346c9de5305917ca68a8d6c1d1fea61d7836
93145f73267d49fb0755c373ac2ce47a9e39866da0bf529443810b769d8d6b68
934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799
93f2072c521fbd53054fe2a73577cff9b62b94dac4573502aacd93625d9d52fd
93f393a2b1de6e84b23b0eb105987bd779b48e788c48b7a91db7becf6e237218
9479b3e3bef0f6427206cadb155b1f1e0197e6d87356db3a4dee7732273b2b80
95659b37ed5cee772e87828fe4a9fa0991c41a77d8920cfb2adbdd28be772799
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
98afb7990b095c653fdc5fc7ec849f697b686ed697354c70af2e642719efdde6
9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df
999a740fc678f340320d75cf6083acc26c1d005b81d6819cc3af4598b328d503
9b313491860295518bea9cdbe75b0105cea02d1e305d5161bd7c6e1921b2a004
9bc50e346a5772ba1724948a53082df46c70edc300a38b75f61e8cb203f0a8cf
9c46613d276c29b3a2c454805e4665b2ced97fe0b16adf72c922d1691267cc58
9e3eee424592373e4e30bea9fcd924f10fcabfafbbe03b092ecc5d8ff570eab2
9e3f824116bf1ec3acc0dd7c003055cfb201ab314633e5874a4c4df752bfa018
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a20ab124db98e272a6f169012c51c35fcdad976d0f5608daf82ee753cfdd0818
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
a6c11502463f3445d37d3184cef1016bb3c77dbc12b88636788632bfe5e87b98
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a86648a99fd78591b8847f3fe58fe7ba16309c4d1de013a1d01e07bfc8a94d65
a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b
a98187a68b2512ba8073f68fb559db3b672ad9a36459d74af942d8bb4ed3278f
a9e402d2d19f1057cdea09b2152d8cfd35664182564595e19bb83916c1f00201
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332
acba8956287ec74ba144c311b37acd17330423a5e9449a8f12ddefe839af3079
ace69c570be8661dd9976b64fdec65170788bca6da18bcc5939376458121fe4e
ae86f4dd65c4e172b6835e3ca7199ba5775404599a4a4ddafb1df68280c4fdcb
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
aed2b79c1781327cef4d7eff908056ced95ca202d0d5780f8989169a0a7a50f5
afa4429500bc68b1b9c5cc6e07075cf1bcdeb46c80643c17d928f4cea193961e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2bdac211f43fbee9eeb4d50f8755206599f76296cd15316a97c9d2cb2050d2f
b32e2a199c3c9352689ae64546f5d70094b7208f0188067d7f583982f9886ef1
b6959badc42ed321f3170a8518f312b7ca475edb34a8fef12c3a51865d2af955
b6f6facd55ab986290b7cdd3aa2a8acfcc6f7edf53bf37689cf51f33dc54bcec
b79e342ee881ef2ab38b3f53ff291337ace2c939dd3dc7e44cb08f56e9c1cfb4
b7ecab7ec302a94b951db8b33d02978117fe6994a7d9adfb8d83666eda3a647f
b881bcdf2ea43a0920ac08c18a0bb5c6bad92c7413409caeef6c80246e352873
b90487a5e3fd0047cdb5de238607dd5fb3455236da1ee3b4c051bbd120d1964d
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
b9cce687259803b513d2ea269400b8ef83a08d980d57721898f5e0b26f588daf
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb35c990687adce309473f322847f1ed00df5d747b878d1c1fb17ed08bb4c6d2
bb6fe6ea51772638f8c2a04593fa4ee92717aa3d899c2def04b8509c50975e3a
bc8904cf494c040131cf5c61ed0ee8b3af200a356ea113a3e54a4d7c798159d3
bd4931d50b0d38f40443bbcc4b46856d39c9f16a3b28b3ab9c0c7b3fe1165582
bdb581fa06f3f03a95aabe175a9d30c381faaf15cc34c35a0ff4c5cc13c45f48
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7
bff68cefb592e08162e39774e93f04960477b78c17e5cab63b4c2b91973afc98
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c252a58367211c11d839155e50dc5e98551826c64b8d2e8d6267124c054ceae0
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c39babc5b1ebc44eacdc9a8033fcacb34a85a83e5b2f5e2d3f54d58b8d61042a
c41896ee7b4524bd50de896a3e2ead44700fad37e563805235b76a6621751c3e
c608315f2e0cb3a3a1b13b4a55927548e4784021d3774e596d660ee75c23bef6
c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04
c6ce67f6ca4cb878b6bf9543d317fcb9b7b1e35d945ec2bedeed8351c7c812c6
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7a2cbd4070619a7d0b1ec4957c8a3e79bddca26f0ca9f3f76f54248fbbae399
c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1
c80da8eb6e9150d66697643e8d59db022fd32060461f75d428bf63687c5b38de
c9a35e6a04a65ef59009f7f48fda051d802dea8c7814533ba432b6477410c9b0
c9c6073864da0f83dc8e7f845b4d5f8959e934c29edd2c90534467cecccadce1
ca90f71c66820cf27d476f06d5847dbeaf652586e5d612ab0f787fa1cea9fee5
cbba4583ff22ef332128d85a685b42b9e0b75a6ee0e6619c127e66b24d460de9
cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851
ccf362270f55814120b056e10ad90c85288a54f8aacb297641a23d412e0423e5
cd189b4bf2528794b4a4e85b4177f7d258e8dfb2b2904050765c7abbffe286a9
cec65ee7ed23f5724798c193f8570661a789c210836ee2c8cb7dd16aacbcee18
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d255ea735df9904ce9d01698cdd7ac82050d30bab88ceb088605bc151bb00d2d
d3e950f0201ddc55974927feff2c27f2edcfc04bc1cbe8f95d4f30044b75e70c
d417e3e34e11cacb90b2183eb2730db4dbe7d63b7ed0bf3869b2ca77de9f8414
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d925e452c6b414143590afb638fc53f0f76954ece6a3146d5ec74787f4127897
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
df2fe4fc7d9a2c3bc843e0019a8d91701afa5059461c43de93494ace434bfa0b
e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e2bafd2165eb1387adb1f6e0491591298a5db55db74a00c8121b3e6f1367fdd9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e
e811e414f4376d969d84db459974e258fbea5cb9aaa9fc90049c18946eb2a6e7
e8a74579fb64e402c0bf5ff5ab4c91a522f812ce8c082588e95e08d21eecc45b
e8f0c88ed1f811308a51a043c12b8208f7dca3f30cccebb701f7b623bf8980f6
e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e
e99e3924496c43ef96bff070455e63d00a681e400cd93fa87e9e9215761e864e
e9e6d43114b4187eb4c0f6550554d9b422eaad45083e345d1fa7b82dd6afcd24
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000
ed69c80626dd979265437b824a8b0890becd990c7fce41a2b00167c985603cca
ed7183f93a802ee78e950cf0193cac592885ba883af2068b98fdf0fda9b20e63
ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e
edce17cae96873e2cf08323e45f8316b500e4596563b8c69b63e162250038e91
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2e787c889ef3a99f9115a673a38a8f14b8ce4f4a8a685f7610c0120a81865c
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f11884de40899d47234c1cf86074c4e1daf2adf2b83ecff07996dba83044fa47
f1a5c62afaf2fe49a1885b10bc57bd0b1b14a59d9939bc0c4f9c8f4bad6ab6ef
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f3b9b7cc354873851730c03156775fdcb6ba8b7342f3f9f26f9279b9b0eb5482
f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6a8ee66594aca8034752c88745d4ab5c134408b2e0413e05477c176b111d0d5
f6c92042870cd0cad5e699dceba929aaca2330c179b2c959d7f10be2691677b2
f74c04529f8d5f9c248eda87caec654de5e5c61dd40e9ac4696b026d2841b131
f78dc99c9429308b9954c5308aa377315d6d2ba3894659448496ef0fd9c7bd17
f8de8ee65552be2f01a67a6dc47020a4a132e9bfe4b8eb02143d89fb2df08241
fac55d188233bffb66023997fcdf69c38df2f62ee4654ad62c61a85b6e81d705
fb9c4f920d1aca2e9df89d4efeaf0c8e2250805b4ec991506ffad137aa9f1861