Submitted URL: https://t.co/t3IqLxdqrl
Effective URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campa...
Submission: On October 09 via api from US — Scanned from DE

Summary

This website contacted 71 IPs in 11 countries across 71 domains to perform 349 HTTP transactions. The main IP is 217.160.0.146, located in Germany, and belongs to IONOS-AS (the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom, formerly known as 1&1 Internet SE), DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2021. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid for
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
www.securityaffairs.co | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-03-24 - 2022-04-06 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year
sharethis.com | Amazon | 2021-07-19 - 2022-08-17 | a year
*.media.net | DigiCert SHA2 Secure Server CA | 2021-04-12 - 2022-04-20 | a year
*.pixfuture.com | Sectigo RSA Domain Validation Secure Server CA | 2019-12-03 - 2021-12-02 | 2 years
*.wp.com | Sectigo RSA Domain Validation Secure Server CA | 2020-04-02 - 2022-07-05 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-07-19 - 2021-10-17 | 3 months
*.gravatar.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-14 - 2022-11-16 | 2 years
*.agkn.com | RapidSSL RSA CA 2018 | 2020-07-25 - 2022-09-18 | 2 years
*.criteo.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-09-09 - 2021-12-07 | 3 months
*.id5-sync.com | R3 | 2021-10-05 - 2022-01-03 | 3 months
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2021-03-18 - 2022-04-19 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2021-03-05 - 2022-02-19 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-30 - 2022-04-04 | a year
*.openx.net | GeoTrust RSA CA 2018 | 2021-07-08 - 2022-08-08 | a year
*.go.sonobi.com | Go Daddy Secure Certificate Authority - G2 | 2020-12-06 - 2022-01-07 | a year
*.lijit.com | Go Daddy Secure Certificate Authority - G2 | 2021-03-11 - 2022-04-12 | a year
*.sharethrough.com | Amazon | 2021-08-13 - 2022-09-11 | a year
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2020-12-07 - 2021-12-14 | a year
ssc.33across.com | GTS CA 1D4 | 2021-09-28 - 2021-12-27 | 3 months
web.ssp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-08-30 - 2022-02-23 | 6 months
ads.us.e-planning.net | R3 | 2021-10-09 - 2022-01-07 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.googleadservices.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
tpc.googlesyndication.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
cdn.adnxs.com | GlobalSign Organization Validated CA - SHA256 - G4 | 2021-05-10 - 2022-06-11 | a year
*.33across.com | Sectigo RSA Domain Validation Secure Server CA | 2021-09-23 - 2022-09-30 | a year
track.adform.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-06 - 2022-10-07 | a year
public1.adgear.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-24 - 2022-03-26 | a year
*.taboola.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-25 - 2021-12-26 | a year
*.deepintent.com | Go Daddy Secure Certificate Authority - G2 | 2020-04-09 - 2022-06-08 | 2 years
odc-pixel-prod-01.oracle.com | DigiCert SHA2 Secure Server CA | 2021-04-25 - 2022-04-26 | a year
*.simpli.fi | DigiCert SHA2 Secure Server CA | 2019-09-18 - 2021-12-12 | 2 years
*.pbp.bf2.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-08-18 - 2021-11-17 | 3 months
*.dotomi.com | GlobalSign RSA OV SSL CA 2018 | 2021-08-10 - 2022-09-11 | a year
*.gumgum.com | Amazon | 2021-06-05 - 2022-07-04 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-25 - 2022-03-28 | a year
*.ads.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-09-27 - 2021-11-17 | 2 months
san.casalemedia.com | GeoTrust RSA CA 2018 | 2021-02-05 - 2022-02-09 | a year
*.doubleclick.net | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.v.ssp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-05-24 - 2021-11-17 | 6 months
*.adkernel.com | Sectigo RSA Domain Validation Secure Server CA | 2020-12-22 - 2022-01-05 | a year

This page contains 60 frames:

Primary Page: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Frame ID: C722AD3B6B7BB8ACDA0E9C94762F98F4
Requests: 153 HTTP requests in this frame


Page Title

Cox Media Group took down broadcasts after a ransomware attack - Security Affairs

Page URL History

  1. https://t.co/t3IqLxdqrl Page URL
  2. https://ift.tt/2WUM2H9 HTTP 301
    https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • tracker\.js

Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 349
HTTPS: 98 %
IPv6: 0 %
Domains: 71
Subdomains: 111
IPs: 71
Countries: 11
Transfer: 3604 kB
Size: 6286 kB
Cookies: 104

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/t3IqLxdqrl Page URL
  2. https://ift.tt/2WUM2H9 HTTP 301
    https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:


349 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Resource: t3IqLxdqrl
Path: t.co/
Size: 221 B
x-fer: 490 B
Type: Document

General
Full URL: https://t.co/t3IqLxdqrl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS:
Software: tsa_o /
Resource Hash:

Security Headers
Strict-Transport-Security: max-age=0
X-Xss-Protection: 0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /t3IqLxdqrl
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 09 Oct 2021 11:12:07 GMT
vary: Origin
server: tsa_o
expires: Sat, 09 Oct 2021 11:17:08 GMT
set-cookie: muc=ddeec802-5d81-4506-9f73-c22b67134720; Max-Age=63072000; Expires=Mon, 09 Oct 2023 11:12:08 GMT; Domain=t.co; Secure; SameSite=None
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 174
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-connection-hash: ea2e07231dbd852d45c955eb2791d686456ff3a31ef9bbf1bfa104338453478d

Primary Request
Resource: cox-media-group-ransomware.html
Path: securityaffairs.co/wordpress/123136/malware/
Redirect Chain
  • https://ift.tt/2WUM2H9
  • https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Size: 91 KB
x-fer: 24 KB
Type: Document

General
Full URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Requested by
  Host: t.co
  URL: https://t.co/t3IqLxdqrl
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 9557145aba2e67816ea2f5076529aca9c7bfd829eaaf5af93a8be091647a043e

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://t.co/t3IqLxdqrl

Response headers

content-type: text/html; charset=UTF-8
date: Sat, 09 Oct 2021 11:12:08 GMT
server: Apache
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/123136>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=123136>; rel=shortlink
content-encoding: gzip

Redirect headers

cache-control: private, max-age=90
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Sat, 09 Oct 2021 11:12:08 GMT
location: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
referrer-policy: unsafe-url
server: nginx
set-cookie: _bit=l99bc8-ee15bb660c9a23ab87-00c; Domain=ift.tt; Expires=Thu, 07 Apr 2022 11:12:08 GMT
strict-transport-security: max-age=1209600
content-length: 248

Resource: js
Path: www.googletagmanager.com/gtag/
Size: 97 KB
x-fer: 39 KB
Type: Script

General
Full URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Requested by
  Host: securityaffairs.co
  URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.16.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s06-in-f136.1e100.net
Software: Google Tag Manager /
Resource Hash: 3c08635177b7c63dd3c975dc9c02525b72f45dd933d5638afe9380514d50a582

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Xss-Protection: 0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:12:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39158
x-xss-protection: 0
last-modified: Sat, 09 Oct 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 Oct 2021 11:12:09 GMT

Resource: style.css
Path: securityaffairs.co/wordpress/wp-includes/css/dist/block-library/
Size: 91 KB
x-fer: 91 KB
Type: Stylesheet

General
Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
  Host: securityaffairs.co
  URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS: 217-160-0-146.elastic-ssl.ui-r.com
Software: Apache /
Resource Hash: 175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b

Request headers

:path: /wordpress/wp-includes/css/dist/block-library/style.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: securityaffairs.co
referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 11:12:09 GMT
last-modified: Fri, 23 Jul 2021 22:11:52 GMT
server: Apache
accept-ranges: bytes
etag: "16cb1-5c7d1b0db415e"
content-length: 93361
content-type: text/css

mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/
11 KB
11 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

:path
/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073af996a"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/
5 KB
5 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

:path
/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d7ee92b"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

:path
/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 29 Sep 2021 22:16:12 GMT
server
Apache
accept-ranges
bytes
etag
"c25-5cd29ad8a380c"
content-length
3109
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/
28 KB
28 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7

Request headers

:path
/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 29 Sep 2021 22:16:12 GMT
server
Apache
accept-ranges
bytes
etag
"7045-5cd29ad8a380c"
content-length
28741
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
2596973
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
b034e617fbf9c231f9166f3690415fc1
cf-ray
69b72c1b7826bf00-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/
19 KB
20 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
539 B
683 B
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/
6 KB
6 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
17 KB
18 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
4 KB
5 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
334 B
478 B
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
110 KB
110 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/
12 KB
12 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

:path
/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/
49 KB
50 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

:path
/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/
19 KB
19 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70

Request headers

:path
/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 06 Oct 2021 04:54:29 GMT
server
Apache
accept-ranges
bytes
etag
"4cb9-5cda7f0f3d183"
content-length
19641
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/
12 KB
12 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

:path
/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 06 Oct 2021 04:54:27 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5cda7f0d5e937"
content-length
12591
content-type
text/css
frontend-gtag.js
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/
28 KB
28 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1633777929
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499

Request headers

:path
/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1633777929
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 29 Sep 2021 22:16:15 GMT
server
Apache
accept-ranges
bytes
etag
"6ffc-5cd29adbd0faf"
content-length
28668
content-type
application/javascript
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/
282 KB
282 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

:path
/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0e12d00"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/
25 KB
25 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

:path
/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073af5aea"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/
34 KB
35 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433

Request headers

:path
/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 29 Sep 2021 22:16:12 GMT
server
Apache
accept-ranges
bytes
etag
"8960-5cd29ad8a47ac"
content-length
35168
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/
562 B
716 B
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

:path
/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e407bb22"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/
25 KB
8 KB
Script
General
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-67.fra6.r.cloudfront.net
Software
nginx/1.20.1 /
Resource Hash
5c8bd0c2f891239145b9a187e6490a89c8af9f6b5224cea83884f6c5662d1b48

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 20:47:44 GMT
content-encoding
gzip
age
138265
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
7318
server
nginx/1.20.1
etag
W/"612ef1c2-63db"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
FRA6-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
f0bPtKTxDba9Atprpaq-R5EmIkZBgwDNaMc8Z28lsCn6jxva99VIDg==
expires
Sun, 10 Oct 2021 20:47:44 GMT
sharethis.js
platform-api.sharethis.com/js/
183 KB
41 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.29.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-29-9.fra56.r.cloudfront.net
Software
/
Resource Hash
b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:07:47 GMT
content-encoding
gzip
age
262
etag
W/"2dcf1-RQaJcGO9+DuZ32kDJGMESLkOoPg"
vary
Accept-Encoding
x-edge-origin-shield-skipped
0
content-type
text/javascript; charset=utf-8
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
xxkgOryX2QZU4QdkkK8bL3zzz2NTF8oH0bXu66VsPrAP3_j56DzwKQ==
dmedianet.js
contextual.media.net/
158 KB
53 KB
Script
General
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
30913ad6947d623fe2ffb126516eee0bc0e181b51238f292caf37b6a6ea463b5
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-mnt-h
10-6
content-encoding
gzip
server
Apache
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag
"c805e8a31c9b3163f5c77d9323bc6179"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Sat, 09 Oct 2021 11:12:10 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-8
expires
Sat, 09 Oct 2021 11:17:10 GMT
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/
44 KB
44 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

:path
/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/
973 B
1 KB
Script
General
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Mon, 11 Oct 2021 11:12:10 GMT
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
830 B
1 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
1 KB
1 KB
Image
General
Full URL
https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/
1 KB
1 KB
Image
General
Full URL
https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
The-Netherlands-flag.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/10/
99 KB
100 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/The-Netherlands-flag.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
843f77ef599ca3177f3b2750a31e08e3d2e3eddfcc535756cfde8f6016724d90

Request headers

:path
/wordpress/wp-content/uploads/2021/10/The-Netherlands-flag.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Fri, 08 Oct 2021 11:30:19 GMT
server
Apache
accept-ranges
bytes
etag
"18d1a-5cdd5b448a369"
content-length
101658
content-type
image/jpeg
Gmail-alert.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/10/
73 KB
73 KB
Image
General
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Gmail-alert.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
b84ddaf19d3b0119177885ed3dc6b4437d400dd0255aa9d76288070beb3a9041

Request headers

:path
/wordpress/wp-content/uploads/2021/10/Gmail-alert.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Fri, 08 Oct 2021 09:04:24 GMT
server
Apache
accept-ranges
bytes
etag
"12438-5cdd3aa6df0bb"
content-length
74808
content-type
image/jpeg
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
cfe365d084fe9e5bc9ad57f8c42f748721d83bc315e31bf8572b977e3f4dff09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
ctIAA7SpdFoqP2jnOKKlcQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1685
x-fb-rlafr
0
x-fb-debug
S3Z0UOyxPww3e4O+2Ma+kwhVH/YcXoBAYMyBNIIQw+b5BOQS/y67/Do0Nt9jOQ7ApM/MbNoVYuJqDHf+tFQJKw==
x-fb-trip-id
686109401
x-fb-content-md5
67c6beee9238ef635e0856a64fd352ae
x-frame-options
DENY
date
Sat, 09 Oct 2021 11:12:10 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"206cfdca62f6f7bdebdd7bf990bddc52"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 09 Oct 2021 11:18:54 GMT
Russia-linked-nation-state-actor.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/
11 KB
11 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/10/Russia-linked-nation-state-actor.jpg?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
5d0074cbdb9785fbf7a269393a3466e1f2764ebf191469851f1dcee6b4eb0885
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Oct 2021 08:31:47 GMT
server
nginx
etag
"0f4e6c794ef2af37"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2021/10/Russia-linked-nation-state-actor.jpg>; rel="canonical"
content-length
11212
expires
Mon, 09 Oct 2023 20:31:47 GMT
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/
156 KB
157 KB
Stylesheet
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a

Request headers

:path
/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 06 Oct 2021 04:54:36 GMT
server
Apache
accept-ranges
bytes
etag
"2719b-5cda7f1621c10"
content-length
160155
content-type
text/css
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/
2 KB
2 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

:path
/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 06 Oct 2021 04:54:29 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5cda7f0ef7c22"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/
365 B
519 B
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

:path
/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Sun, 05 Sep 2021 22:22:00 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5cb46f619b099"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/
2 KB
2 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

:path
/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 06 Oct 2021 04:54:36 GMT
server
Apache
accept-ranges
bytes
etag
"792-5cda7f1635491"
content-length
1938
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
987 B
1 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
4 KB
4 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
8 KB
8 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/
21 KB
21 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
8 KB
8 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/
69 KB
70 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:09 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
11 KB
11 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
13 KB
13 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/
12 KB
13 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

:path
/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
wp-embed.js
securityaffairs.co/wordpress/wp-includes/js/
3 KB
3 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

:path
/wordpress/wp-includes/js/wp-embed.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Thu, 21 Feb 2019 22:56:38 GMT
server
Apache
accept-ranges
bytes
etag
"c8e-5826f6315ef61"
content-length
3214
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/
23 KB
23 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794

Request headers

:path
/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 06 Oct 2021 04:54:29 GMT
server
Apache
accept-ranges
bytes
etag
"5a9e-5cda7f0f3d183"
content-length
23198
content-type
application/javascript
e-202140.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202140.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn
date
Sat, 09 Oct 2021 11:12:10 GMT
content-encoding
gzip
server
nginx
etag
W/"5c6340e3-350a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Wed, 21 Sep 2022 02:00:41 GMT
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/
31 KB
31 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

:path
/wordpress/wp-includes/js/twemoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"7cdc-5c7d1b0e301c1"
content-length
31964
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/
9 KB
9 KB
Script
General
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

:path
/wordpress/wp-includes/js/wp-emoji.js?ver=4e9fb397a60a1f94ccb51524dee6bbf2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e608152f1"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/
0
0

css
fonts.googleapis.com/
0
0

css
fonts.googleapis.com/
0
0

css
fonts.googleapis.com/
0
0

analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
4264
date
Sat, 09 Oct 2021 10:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Sat, 09 Oct 2021 12:01:06 GMT
pview
l.sharethis.com/
0
340 B
XHR
General
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1633777930257.89894&hostname=securityaffairs.co&location=%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&refDomain=t.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&title=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sop=false&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.181.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sat, 09 Oct 2021 11:12:10 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
log
l.sharethis.com/
0
315 B
Image
General
Full URL
https://l.sharethis.com/log?event=ibl&url=https://t.co/&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.181.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sat, 09 Oct 2021 11:12:10 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/
30 B
373 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
via
1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"e6e1643313740711175f51662a65b42f"
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
accept-ranges
bytes
content-length
30
x-amz-cf-id
5_jjJO7yZ4IFfayXuMzbijcRkYJcYhmgFwtdV011gaXlWzX8iK6wgQ==
analytics.js
google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f4.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
5008
date
Sat, 09 Oct 2021 09:48:42 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Sat, 09 Oct 2021 11:48:42 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/
43 KB
44 KB
Font
General
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.146 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-146.elastic-ssl.ui-r.com
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

:path
/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
pragma
no-cache
origin
https://securityaffairs.co
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
securityaffairs.co
referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
pview
l.sharethis.com/
0
315 B
Image
General
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1633777930257.89894&hostname=securityaffairs.co&location=%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&refDomain=t.co&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&title=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sop=false&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D&description=American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20was%20hit%20by%20a%20ransomware%20attack%20that%20took%20down%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%202021.%20The%20American%20media%20conglomerate%20Cox%20Media%20Group%20(CMG)%20announced%20it%20was%20hit%20by%20a%20ransomware%20attack%20that%20caused%20the%20interruption%20of%20the%20live%20TV%20and%20radio%20broadcast%20streams%20in%20June%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.181.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sat, 09 Oct 2021 11:12:10 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/
1 KB
1 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Sat, 09 Oct 2021 11:17:10 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/
6 KB
6 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/
10 KB
10 KB
Image
General
Full URL
https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
x-bytes-saved
103276
content-length
10314
x-nc
HIT hhn 2
last-modified
Tue, 02 Jun 2020 21:29:55 GMT
server
nginx
etag
"c8c3d7b06b174426"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires
Fri, 03 Jun 2022 09:29:55 GMT
logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/
7 KB
7 KB
Image
General
Full URL
https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/
6 KB
6 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
g.gif
pixel.wp.com/
50 B
92 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.2&blog=29506073&post=123136&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=https%3A%2F%2Ft.co%2F&fcp=2156&rand=0.3705162701938409
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
/
graph.facebook.com/
244 B
671 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.15 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-shv-02-frt3.facebook.com
Software
/
Resource Hash
40a53de23291c133169e25cfa28f667be48b906b91ea60ae25d3da29476c8942
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1004529132
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
181
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
MuKHcq/0gFcDk9rcNK9iM3/jn5Gr7WdYmqNGFFU821nlpHWiSMKlonZR4c/KKgG09SxNsDpAl08C0I5Eq3ZuyQ==
x-fb-trace-id
Ax3qGrszMZN
date
Sat, 09 Oct 2021 11:12:10 GMT
vary
Origin, Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
A0f3PRtNAx1c7SRRu8cUlnd
cache-control
no-store
facebook-api-version
v4.0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
g.gif
pixel.wp.com/
50 B
74 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.7978799507751024
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
sdk.js
connect.facebook.net/en_US/
264 KB
74 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=59cbe1bb72f9fcfb7f4e5781578ac40c
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
0bece55a15ec2615a8625e70fa5f139626b654c1a9aaeb8c2e30a0de48deef5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
GRIh7lwzAshY6KNm5RbXtg==
cross-origin-resource-policy
cross-origin
expires
Sun, 09 Oct 2022 10:58:54 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
76086
x-fb-rlafr
0
x-fb-debug
V/q824L6AD9rswrc+HP9QwyjA/c6vQg7IKVtgRY1AfuHuntBmE/K1rzOfS4gmuVvQiVJYpOZ5G0yPCNTmG/+zw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
314328e7256978b0780dfbf300da4074
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 09 Oct 2021 11:12:10 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"421d096be601c9b30df5c87f6068f7a0"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1689038864&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=186393214&gjid=370121203&cid=1026516623.1633777931&tid=UA-59069958-1&_gid=1374328988.1633777931&_r=1&gtm=2oua60&did=dNDMyYj&z=1584763855
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1689038864&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Cox%20Media%20Group%20took%20down%20broadcasts%20after%20a%20ransomware%20attackSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1831770522&gjid=1926026010&cid=1026516623.1633777931&tid=UA-59069958-1&_gid=1374328988.1633777931&_r=1&_slc=1&z=1646891315
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
fcmain.js
contextual.media.net/1017354394/
74 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1633777930214184376&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f1f626589d51def15353d1c48c6877db92d5360b93fd9cfb450118fa4c4db2da
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Sat, 09 Oct 2021 11:12:10 GMT
x-mnt-w
10-4, 10-6
content-length
24319
expires
Sat, 09 Oct 2021 11:12:10 GMT
checksync.php
contextual.media.net/ Frame F921
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: t.co
URL: https://t.co/t3IqLxdqrl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:10 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:10 GMT
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
5705
fcmain.js
contextual.media.net/1017354394/
74 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1633777930781686374&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1a690e4eb56d285c6050385d8690a59dff3c22ed8256a0745c16ca38a7dfd51
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Sat, 09 Oct 2021 11:12:10 GMT
x-mnt-w
10-4, 10-6
content-length
24320
expires
Sat, 09 Oct 2021 11:12:10 GMT
checksync.php
contextual.media.net/ Frame EFBD
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: t.co
URL: https://t.co/t3IqLxdqrl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:10 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:10 GMT
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
5705
fcmain.js
contextual.media.net/1017354394/
77 KB
24 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1633777930295247159&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d626b266b304ecb23a43909e22f8320b30db9b3fdc552eccba155f725ea37fa3
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Sat, 09 Oct 2021 11:12:10 GMT
x-mnt-w
21-3nxb, 21-3v9c
content-length
24579
expires
Sat, 09 Oct 2021 11:12:10 GMT
checksync.php
contextual.media.net/ Frame 76A7
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: t.co
URL: https://t.co/t3IqLxdqrl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:10 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:10 GMT
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
5705
fcmain.js
contextual.media.net/1017354394/
86 KB
26 KB
Script
General
Full URL
https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&kwrf=https%3A%2F%2Ft.co&nse=5&vi=1633777930827215715&lw=1&ugd=4&nb=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
42f85e6ad4509f4e953a813a68bb04b3eb562b7d917a290b61355b51d0e620eb
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
x-mnt-hl2
10-6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
date
Sat, 09 Oct 2021 11:12:11 GMT
x-mnt-w
10-9, 10-5
content-length
26745
expires
Sat, 09 Oct 2021 11:12:11 GMT
checksync.php
contextual.media.net/ Frame 7D5E
15 KB
6 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: t.co
URL: https://t.co/t3IqLxdqrl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
35b68a4a6b135e744e7eb4808a90da92cefff01e96c9e78b83b1268fd578e40a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:10 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:10 GMT
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
5705
bping.php
lg3.media.net/
35 B
187 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1633777930214184376&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886781036&r=1633777930590&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=33438&vgd_rakh=1633777930134220853&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1404547308t202110091112&vgd_pgids=1&vgd_uspa=0&hvsid=00001633777930585036324930565234&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:10 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Oct 2021 11:12:10 GMT
bping.php
lg3.media.net/
35 B
187 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1633777930781686374&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886781036&r=1633777930608&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=33438&vgd_rakh=1633777930134220853&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1404547308t202110091112&vgd_pgids=2&vgd_uspa=0&hvsid=00001633777930585036324930565234&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:10 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Oct 2021 11:12:10 GMT
bping.php
lg3.media.net/
35 B
187 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1633777930295247159&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&wsip=2886781036&r=1633777930617&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=33438&vgd_rakh=1633777930134220853&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1404547308t202110091112&vgd_pgids=2&vgd_uspa=0&hvsid=00001633777930616036324930567182&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:10 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Oct 2021 11:12:10 GMT
bping.php
lg3.media.net/
35 B
187 B
Image
General
Full URL
https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1633777930827215715&ugd=4&lf=6&kwrf=https%3A%2F%2Ft.co&cc=DE&sc=HE&lper=100&wsip=2886781036&r=1633777930629&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=33438&vgd_rakh=1633777930134220853&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1404547308t202110091112&vgd_pgids=2&vgd_uspa=0&hvsid=00001633777930626036324930568202&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:10 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Oct 2021 11:12:10 GMT
hb_v2.js
cdn.pixfuture.com/
33 KB
34 KB
Script
General
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.10.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Sep 2021 15:09:43 GMT
server
cloudflare
age
72090
etag
W/"61533037-84f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVOp%2BfcXsF0GCfEftCPSyfR248fPse9W3OsR4MWvVG2nThcGvwXYTw%2Bj4%2BTPi1b4%2BJrjlY%2FK0jnTBLmQP6IgMuQmP34u0MD5jbAuppJ5fbhHwvNz7uRdMcqeFeuA62Ocb1Ey"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Sun, 10 Oct 2021 15:09:56 GMT
cache-control
public, max-age=2678400, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
69b72c22fe60410e-PRG
cf-bgj
minify
pbix.js
cdn.pixfuture.com/
423 KB
424 KB
Script
General
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.10.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
77215
cf-polished
origSize=433266
cf-bgj
minify
last-modified
Mon, 23 Aug 2021 13:19:22 GMT
server
cloudflare
etag
W/"6123a05a-69c72"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryzOWUg8gcv3S6eJZgiisbFy5vZynAhvXNBpvddOd49tFHb%2Baf24iaSPTqDEgB5GA6NiB4J7N2%2FSLbtLmYvkpDEj0z%2FiqQA54pgFU4HQqGzedlXMdZtU5g3Mk1E%2FerrmMUgG"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2678400, no-transform
cf-ray
69b72c23fed1410e-PRG
expires
Sun, 10 Oct 2021 13:44:09 GMT
r.js
aa.agkn.com/adscores/
0
0
Script
General
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.96.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-96-148.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
server
AAWebServer
content-type
text/plain
content-length
22
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
hb_v2.php
served-by.pixfuture.com/www/delivery/
11 KB
11 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
13d0e1dd4f7c5edd26e3ff420ef4ea62954a33c88db4371829d91ceb76958ac4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:11 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
bb21755bd14ce34bcb9ef440e59e48aed5d442ff889787e8061be82b1122ac90

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:11 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4a7fc41d3a93b893035ad7c9fde8beefd1ba77a7cd79de000d1555e86e2272dc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:11 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/
9 KB
9 KB
XHR
General
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=cox,media,group,took,down,broadcasts,after,ransomware,attacksecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
4a7fc41d3a93b893035ad7c9fde8beefd1ba77a7cd79de000d1555e86e2272dc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:11 GMT
nrrV72800.js
contextual.media.net/4a/ Frame B5DA
91 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV72800.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"6886442ba24a2b87df682d7c632eab66"
vary
Accept-Encoding
x-mnet-h
8-12
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
30050
expires
Sat, 23 Oct 2021 11:12:10 GMT
nrrV72800.js
contextual.media.net/4a/ Frame CFAE
91 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV72800.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"6886442ba24a2b87df682d7c632eab66"
vary
Accept-Encoding
x-mnet-h
8-12
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
30050
expires
Sat, 23 Oct 2021 11:12:10 GMT
nrrV72800.js
contextual.media.net/4a/ Frame 018D
91 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV72800.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"6886442ba24a2b87df682d7c632eab66"
vary
Accept-Encoding
x-mnet-h
8-12
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Sat, 09 Oct 2021 11:12:10 GMT
content-length
30050
expires
Sat, 23 Oct 2021 11:12:10 GMT
truncated
/ Frame B5DA
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame B5DA
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
bullet13.woff
contextual.media.net/__media__/fonts/bullet13/ Frame B5DA
2 KB
2 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/bullet13/bullet13.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
1692
expires
Sun, 10 Oct 2021 11:12:10 GMT
1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame CFAE
42 B
204 B
Image
General
Full URL
https://contextual.media.net/__media__/pics/800028474/1x1.gif
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Mon, 04 Jun 2018 10:04:19 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
image/gif
cache-control
max-age=1157227
accept-ranges
bytes
content-length
42
expires
Fri, 22 Oct 2021 20:39:17 GMT
truncated
/ Frame CFAE
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame CFAE
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
1x1.gif
contextual.media.net/__media__/pics/800028474/ Frame 018D
42 B
204 B
Image
General
Full URL
https://contextual.media.net/__media__/pics/800028474/1x1.gif
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:10 GMT
last-modified
Mon, 04 Jun 2018 10:04:19 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
image/gif
cache-control
max-age=1157227
accept-ranges
bytes
content-length
42
expires
Fri, 22 Oct 2021 20:39:17 GMT
truncated
/ Frame 018D
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 018D
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
bql.php
lg3.media.net/ Frame CFAE
15 B
214 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:10 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Sat, 09 Oct 2021 11:12:10 GMT
log
navvy.media.net/ Frame CFAE
35 B
205 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Sat, 09 Oct 2021 11:12:11 GMT
bql.php
lg3.media.net/ Frame B5DA
15 B
214 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:10 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Sat, 09 Oct 2021 11:12:10 GMT
log
navvy.media.net/ Frame B5DA
35 B
96 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Sat, 09 Oct 2021 11:12:11 GMT
bql.php
lg3.media.net/ Frame 018D
15 B
214 B
Script
General
Full URL
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:11 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Sat, 09 Oct 2021 11:12:11 GMT
log
navvy.media.net/ Frame 018D
35 B
96 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Sat, 09 Oct 2021 11:12:11 GMT
nrrV72800.js
contextual.media.net/4a/ Frame 1F82
91 KB
30 KB
Script
General
Full URL
https://contextual.media.net/4a/nrrV72800.js
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b4fa3f78fd5de15328ba71f880dc61f00fb0b26013deeb115cf2865347be1851
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
max-age=2592000
strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
etag
"6886442ba24a2b87df682d7c632eab66"
vary
Accept-Encoding
x-mnet-h
8-12
content-type
text/javascript; charset=utf-8
cache-control
max-age=1209600
date
Sat, 09 Oct 2021 11:12:11 GMT
content-length
30050
expires
Sat, 23 Oct 2021 11:12:11 GMT
truncated
/ Frame 1F82
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 1F82
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
bullet11.woff
contextual.media.net/__media__/fonts/bullet11/ Frame 1F82
2 KB
2 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/bullet11/bullet11.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c300b6a2877bb5b77918987020634e2c4981146589638e918bc4de730d19df90
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
1748
expires
Sun, 10 Oct 2021 11:12:11 GMT
bullet13.woff
contextual.media.net/__media__/fonts/bullet13/ Frame 1F82
2 KB
2 KB
Font
General
Full URL
https://contextual.media.net/__media__/fonts/bullet13/bullet13.woff
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6139b4d0af528ec1d0e26ae865c1ca04ac061d844ffa6ccc9e4adaa3af93a2f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
last-modified
Mon, 16 May 2016 10:39:41 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
content-length
1692
expires
Sun, 10 Oct 2021 11:12:11 GMT
bql.php
lg3.media.net/ Frame 1F82
15 B
214 B
Script
General
Full URL
https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001633777930626036324930568202&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCRCfywJM27wD_ao2Z3QLyabmZrOeNVtUHMn3lRpgGKU-OSQmVOOQrm24Un5FULaJjNhycNp7gPW5mm7GMw_H8WNs%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=-qkzMpzS_SK6EICjJFr7UQAVq03pMX1w2AtlG2GW5XHowJrMsa_Hqf_dl5zyQ7bcT21Y6V3tiC-c_tDKjJ_J2DwqU8e7iV2ikywvpn7xHym1gE6W6Qwi1Y_KJa67Ku1-64yBo53DwTdiSOQ9fEwbEP_Ru6trIePxPUV_dt_4u1pb8lZkWUaaJ-Oq0twQCL6aFAY86PuWxRE4vskDHbnwMc_LV1BnpC60UGFZ9mBDV4k%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7Cy2SqoJcE0s-9IUO1sSido6Y3VR48iOc4%7CP8cYadgfGfArsAfiaYve9iaq7AkkuSc-ea5Y5nVo_CB552rXBjvS56aipPjOfVpw7KdR2FZ-mLIM0aKG18UXnpEo4sPiNtQSySPewllgQcgGU2cUSXiV1JRq3o_ng5sT%7CN7fu2vKt8_s%3D%7CzuBrT_LoIFUZwfa_2v5ciz6e38l4RKAbbRPVxACR-do9ACfds50-KM1GyonRNQ1OlKtEOp1javMlhfdgEGnDarTsoDDaPoJ1qkdnWonZ6WaFbs9CuZC2Dei7NdXU-Plk4jtG_X-cME98MjNiZ7aDNwm7FcNJQkrgfc5tORV8dzN4POMxyyVAJh3m8YBUqm1ZHqGrLaJz14hbS8hMU2Gd6g%3D%3D%7C&hint=&td=&cc=DE&wsip=2887305235&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=u9oNu9&vgde_setid=Nu9&&rc=0&ksu=207&oref=https%3A%2F%2Ft.co&fdkt=341&kwd[]=Report%20Identity%20Theft&kwt[]=341&kbc[]=im14678836&kwp[]=1&kid[]=24267917&kbc2[]=identity%20theft%7C%7Cps%3D0.989%7C%7Crpc%3D0.96%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=US%20Social%20Security&kwt[]=341&kbc[]=im26416785&kwp[]=2&kid[]=29494590&kbc2[]=-pron-%20government%7C%7Cps%3D0.989%7C%7Crpc%3D0.91%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Free%20Social%20Security%20Services&kwt[]=341&kbc[]=im330029491&kwp[]=3&kid[]=330029491&kbc2[]=health%20insurance%20information%7C%7Cps%3D0.989%7C%7Crpc%3D0.29%7C%7Clvl%3D1.00&ktd[]=274894881024&kwd[]=Fraud%20Prevention%20Tips&kwt[]=341&kbc[]=im2996009&kwp[]=4&kid[]=86409734&kbc2[]=identity%20theft%7C%7Cps%3D0.989%7C%7Crpc%3D0.23%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Locate%20Cell%20Phone%20by%20GPS&kwt[]=244&kbc[]=1203861796&kwp[]=5&kid[]=115340367
&kbc2[]=ps%3D0.531%7C%7Crpc%3D0.09%7C%7Clvl%3D1.57&ktd[]=274911658240&rand=1633777931112&cid=8CU5BD6EW&vwid=1633777930827215715&vi=1633777930827215715&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1633777930134220853&vgd_l1rhst=contextual.media.net&vgd_lhl=997&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1633777930626&upk=1633777931.2088&hvsid=00001633777930626036324930568202&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D33438&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=4&vgd_pgid=p1404547308t202110091112&matm=1633777931116&vgd_ltime=492&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D33438&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_refdomain=t.co&vgd_katid=800621998&vgd_katbid=-21&vgd_kals=ttype%3D10011%7C%7Cpc%3D4&vgd_kasts=tstype%3D-10408%7C%7Cgbid%3D-1&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2887305231&vgd_nrrsf=nrr&vgd_nrrv=72800&vgd_nrrs=72800&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=723&vgd_ren_page_h=3975&vgd_cty=FRANKFURT&vgd_l1hcsd=N6%7C6737&vgd_sethcsd=N6%7C6640&vgd_cfud=200214&vgd_is_amp=0&vgd_icat=608&vgd_spcat=500434&vgd_optout=0&vgd_l2ch=1&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&oRurl=http%3A%2F%2Fcdn3e%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1633777930827215715%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26kwrf%3Dhttps%253a%252f%252ft.co%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%
253a%252f%252fsecurityaffairs.co%252fwordpress%252f123136%252fmalware%252fcox-media-group-ransomware.html%253futm_source%253drss%26%26katid%3D800621998%26katen%3D1%26katbid%3D-21&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_crefurl=https://t.co/&vgd_end=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:11 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Sat, 09 Oct 2021 11:12:11 GMT
log
navvy.media.net/ Frame 1F82
35 B
96 B
Ping
General
Full URL
https://navvy.media.net/log
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV72800.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
62.149.102.34.bc.googleusercontent.com
Software
Jetty(9.4.7.v20170914) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
via
1.1 google
server
Jetty(9.4.7.v20170914)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache,no-store
alt-svc
clear
content-length
35
expires
Sat, 09 Oct 2021 11:12:11 GMT
log
lg3.media.net/
35 B
204 B
Image
General
Full URL
https://lg3.media.net/log?&logid=kfk&evtid=adPrvLog&otherprov=0&cid=8CU5BD6EW&crid=184323154&cc=DE&ugd=4&timeTaken=1&vi=1633777930295247159&r=1633777931122
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
server
Jetty(9.4.35.v20201120)
strict-transport-security
max-age=21600
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Oct 2021 11:12:11 GMT
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://securityaffairs.co
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
https://securityaffairs.co
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1223
date
Sat, 09 Oct 2021 11:12:10 GMT
content-encoding
gzip
vary
Accept-Encoding
json
gum.criteo.com/sid/
353 B
632 B
XHR
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
2f463337669a76ba14b6b42f545cd44faeb9cd0f85c4cc9a7f0705643af6f047
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 09 Oct 2021 11:12:11 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2085
expires
0
529.json
id5-sync.com/g/v2/
213 B
536 B
XHR
General
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.195.5.234 , France, ASN16276 (OVH, FR),
Reverse DNS
p36.id5-sync.com
Software
/
Resource Hash
d3e2a8298f1fcad8a4b387a0571c901e18789ca8ad7b01589331a64ea9ef37b7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Sat, 09 Oct 2021 11:12:10 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/
0
0

rid
match.adsrvr.org/track/
109 B
543 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
832b5e3927e50906234e44a009836556e67cff96e6efcc1cc51e6f856ca5fb20

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Mon, 08 Nov 2021 11:12:11 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1009 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
1daff289-25b0-4432-b7f1-747858205491
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
747f677e-617f-46c3-ad58-7469ad381410
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1009 B
Script
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
2ac227d4-61ee-4ab1-8bb8-0c195a4c660c
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
e1070a4c-99bb-4e65-8f65-fa6708ee31f4
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookie_sync
prebidserver.pixfuture.com/
288 B
660 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
288
Expires
0
auction
prebidserver.pixfuture.com/openrtb2/
229 B
586 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5978a4bc1dc3d8f1c681398d53ba953a6aec693b4029df103b73ae90cf705079

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
229
Expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=c3797f40-f673-4bb6-97b9-53cc144ec9af&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9790231577720325
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
f9e853f6b024d14bd6d887e11a37838c3545e558e3e4079b008b7698edac71ac

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/
1 KB
802 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
32d6bf2fb9aa075733140baf986a5e8dbfb28e4a6eee429777e35e6b550528ca

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
arj
pixfuture2-d.openx.net/w/1.0/
173 B
355 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c3797f40-f673-4bb6-97b9-53cc144ec9af&nocache=1633777931248&pubcid=289cb6b8-1c54-4932-9ad9-665438eaf9c1&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
cb3898539f295f6bfabd91ce75396ef053214987ec3724f9412f2069bce77179

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
OXGW/16.216.4
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/
144 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
dbd3586d412945dc310695757488e0a69ee0435183f46db38481d96b72f1f593
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
5372ed97-0316-46a1-a39e-7f38278f643e
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trinity.json
apex.go.sonobi.com/
95 B
737 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22124b875b4d6e75d%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&s=cf9a2d6c-2d38-49f1-a8ef-f5b4ed30a753&pv=6f3bf4c6-7b4f-4410-91da-9664fc263b70&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
cc08fba6cebc2050e5dfa05b7f56b15533b5edbb1b5add4c2f3657b5faf49259
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/
24 B
650 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
a741a8edd1174dc1585e82df21186c8fc990d1799c9c4fd536c9298b1be80b14

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Oct 2021 11:12:11 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
v1
btlr.sharethrough.com/WYu2BXv1/
0
114 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.15.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-15-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:11 GMT
access-control-allow-credentials
true
vary
Origin
translator
hbopenbid.pubmatic.com/
0
116 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:10 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/
66 B
289 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
69a8bcf21ec4a8d29e1e52f2a810bc6d54d0fa8ff15153e188f200c23c9363a6

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
auction
prebidserver.pixfuture.com/openrtb2/
154 B
511 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
1ec3529d04b3a13b0ee1679c517edc48ca180123213148c2447504431af6478c

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
154
Expires
0
prebid
prebid.media.net/rtb/
1 KB
664 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
8a98ea1ee04c0678362e15338269029c9b8d6e0f53c61f58bcd5e76579bc3ace

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
bid
ap.lijit.com/rtb/
24 B
650 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
41fcae5996e565973710c6bcc948cccba5b22d79ac6c8aa0b31eea59c0c60e3c

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Oct 2021 11:12:11 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
v1
btlr.sharethrough.com/WYu2BXv1/
0
113 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.15.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-15-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:11 GMT
access-control-allow-credentials
true
vary
Origin
trinity.json
apex.go.sonobi.com/
95 B
735 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2231bf8a61f5eae3b%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&s=51542140-14ce-4914-9b91-d11d3c0d5dfa&pv=6f3bf4c6-7b4f-4410-91da-9664fc263b70&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
f8c3768115647733e83b8ba617baf5c82d6d8d1c069e1b366cc2be117ffb6f98
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=a617e616-2619-4e5e-8cad-7471812c6562&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3781538379883851
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
8d3399f1e2a2ddb7d3eb397afd4aed218ade10f45bbac659bd85ed25611057f4

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
hb
ssc.33across.com/api/v1/
66 B
148 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
c1f91573e1d33e0d1ca2f815b2abd793fd7bb2413aa196b36563dc99166b212b

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
translator
hbopenbid.pubmatic.com/
0
60 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:10 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
145 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0de95a04e26a71572528a1f70c39db43a3656197a28643aee11694c32a3c861f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
11d4b76e-6ce8-463c-83c9-58bccbb14385
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/
173 B
560 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a617e616-2619-4e5e-8cad-7471812c6562&nocache=1633777931268&pubcid=289cb6b8-1c54-4932-9ad9-665438eaf9c1&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
25f82e367169cac25434d78d4122c9291a7df2e0da52386fcde75c845811e5be

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
OXGW/16.216.4
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebidserver.pixfuture.com/openrtb2/
567 B
924 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
cd5a495df796181926b443bb4de67f231f3c05f1ebea6cf8e921a47e57177115

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:12 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
567
Expires
0
bid
ap.lijit.com/rtb/
24 B
650 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
f60f5344d7e96de6c0687d6dec06a542a74840af306ca243b1d864333ee814d4

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Oct 2021 11:12:11 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
translator
hbopenbid.pubmatic.com/
0
60 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:10 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
hb
ssc.33across.com/api/v1/
66 B
148 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
96e6e10694fe4331640d1d82803b91c779f54997e6f901b32ebd7935a84c04be

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
trinity.json
apex.go.sonobi.com/
95 B
737 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22529ed48f632ed36%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&s=913c930b-eca9-4ed7-9e07-490c190148eb&pv=6f3bf4c6-7b4f-4410-91da-9664fc263b70&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
c23e514f1516f1bc826157d5dfa2ceca6d447de5d8fbf2622fe6bbba1f907166
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-128
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
478 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
8375383069ddf04a2f833cedbf929693077af09b1d3ba60bb01c54c508d70961

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
prebid
prebid.media.net/rtb/
1 KB
663 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c96bdc8e52fd7fed4899a9d07c0db2d07d9198cb686632a7f464501e43b3bff1

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
arj
pixfuture2-d.openx.net/w/1.0/
173 B
355 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=40c027f7-b24f-44f8-8530-e50fed71a49c&nocache=1633777931314&id5id=0&pubcid=289cb6b8-1c54-4932-9ad9-665438eaf9c1&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
07e9ed75312f8e8b07d6895214908e9fe814b28f29e539cc9383e1e6bebe9a24

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
OXGW/16.216.4
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/
0
113 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.15.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-15-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:11 GMT
access-control-allow-credentials
true
vary
Origin
prebid
ib.adnxs.com/ut/v3/
145 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
34009480c0169d19093d8f0c005598da01d4f2bfa1dc57a6820566e15bc238a9
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
b384ba97-9a4a-4f8e-a57d-383cd55c3b3a
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=40c027f7-b24f-44f8-8530-e50fed71a49c&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.11127501073500645
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
21baf3a385791252be8a2d62a32e3b8124a972d0df48e5eff133e1236fca290c

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
prebidserver.pixfuture.com/openrtb2/
229 B
586 B
XHR
General
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
7e158cb3833d2797c78acf8b6182846ff1c5971ede11ae0910b7a08178c1da2a

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:12 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
229
Expires
0
hb
ssc.33across.com/api/v1/
66 B
148 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
0894b04acc46592994ed1d4c24269d12c7aaef0c634f8b5e9de2cdeae78143fb

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
trinity.json
apex.go.sonobi.com/
95 B
649 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22710f8ff096bb645%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&s=72e59eb7-2f2e-4160-8f76-de90316c8e9d&pv=6f3bf4c6-7b4f-4410-91da-9664fc263b70&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=cox%2Cmedia%2Cgroup%2Ctook%2Cdown%2Cbroadcasts%2Cafter%2Cransomware%2Cattacksecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
1466daf68a53edf18f5bff340913257fbb76c0f84c84827e767182b72ec5ad0e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/
173 B
355 B
XHR
General
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d510c44e-f104-46c9-a7ae-fc33fe0ab3c5&nocache=1633777931335&id5id=0&pubcid=289cb6b8-1c54-4932-9ad9-665438eaf9c1&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWNveCxtZWRpYSxncm91cCx0b29rLGRvd24sYnJvYWRjYXN0cyxhZnRlcixyYW5zb213YXJlLGF0dGFja3NlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9Y294LG1lZGlhLGdyb3VwLHRvb2ssZG93bixicm9hZGNhc3RzLGFmdGVyLHJhbnNvbXdhcmUsYXR0YWNrc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
08a16581503f4c0e6957275413c1efdcf509902d4c98cb659ab17cf5ac992fc6

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
OXGW/16.216.4
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
164
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/
24 B
650 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
6a3efc5b3e8d2fc30f967a2dd94212f1301b97427b2dfabe9eb1033b46890b17

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Oct 2021 11:12:11 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
fastlane.json
fastlane.rubiconproject.com/a/api/
240 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=d510c44e-f104-46c9-a7ae-fc33fe0ab3c5&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4081811564997857
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
2777e3fde8dfe70c838c3c48ca35e9bbd60de2a6cc213c520d9a0a8ca6bdd93b

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/
139 B
980 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
9bc0743dc0b10efbf06c1ce901f27ba6b649a3cc3294abf6f2ffbaf92287de4f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:11 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
d7635324-1d7d-4c44-9a5c-789aa5de4061
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
61 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Oct 2021 11:12:09 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
prebid.media.net/rtb/
1 KB
663 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e2ba90b4bfc83e3a44ff0c83f65daf900439cf88933e88b3d08a447adf1eaa8b

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
bidRequest
c2shb.ssp.yahoo.com/
62 B
478 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
fc019fee7795b856bb151449a388c95a7139e614a4428b623d927365d634927f

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Oct 2021 11:12:11 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
/
ads.us.e-planning.net/uspd/1/ Frame C18B
13 B
91 B
Document
General
Full URL
https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Request headers

:method
GET
:authority
ads.us.e-planning.net
:scheme
https
:path
/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/

Response headers

server
openresty
date
Sat, 09 Oct 2021 11:12:11 GMT
content-type
text/html
content-length
13
x-sid
AMS-732
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 1C29
114 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
1c427129aad521c6b115b48fd0679df6e09affa78f7e163a8bb95837559dbb7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40890
x-xss-protection
0
server
cafe
etag
9832435751225601100
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:11 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
307 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:11 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:11 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/ Frame 1C29
0
0

bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=801333013&kals=ttype%3D10007%7C%7Cpc%3D6&katen=1&pc=6&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=W-WrbjnUWoQmjNH6RcJ9xfelA5wbcDqpjRROOujnEawxWTKzjq8cxQzPC4eTw7kOkymNItpPNcsDfN0FiLMrk9pGpNWX5u42aSZHR6T8jqn9afDEGh0a1k9ugxYOElDMttiwZV1_MG6XDeAGFhcJEQg0g72tNEzt_stCKxRg7NoI4GLrNT451HjORkU-r6WeOzIaDUBJ35nHoaPOGPluYI6_gZ8ZVo3THZPa1PPsQGk=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|P8cYadgfGfArsAfiaYve9iaq7AkkuSc-ea5Y5nVo_CB552rXBjvS56aipPjOfVpw7KdR2FZ-mLIM0aKG18UXnpEo4sPiNtQSySPewllgQcgGU2cUSXiV1JRq3o_ng5sT|N7fu2vKt8_s=|zeQrVoT0xVFxfEvYc9skDbZAquoHgBMH_b189u2poV1aqLzF8HAvKdUNbKGKcTKDOQl9tKV_gN6Hk5JwVgH97WpMoahMGZXD8m3dOnzwSTaDQBuOHnmI_9iN-c7klcBSFrDNkHZ-vMKQLO8AzW52xWpAczIMRhn5ESe9ZBgS8sGmXSt_8aBZEmQuSCOOR42zOpHZTQjUbP-zkHanyVKet2CcIKK_ws9Y|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&vi=1633777930295247159&ugd=4&cc=DE&sc=HE&startTime=1633777930615&l2type=setting&vgd_l1rakh=1633777930134220853&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1633777930616&upk=1633777931.2088&hvsid=00001633777930616036324930567182&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!N6|6737&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=1&l2wsip=170721651&sethcsd=set!N6%7C6640&vgd_pgid=p1404547308t202110091112&vgd_pgids=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:11 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Sat, 09 Oct 2021 11:12:11 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 3F87
114 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e213ceaa6b7063b10b8b805208d0de8cc2e1d7993023f228ce2de15040617c7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40886
x-xss-protection
0
server
cafe
etag
9320970032475359200
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:12 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
307 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:12 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame D313
114 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
1c427129aad521c6b115b48fd0679df6e09affa78f7e163a8bb95837559dbb7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40890
x-xss-protection
0
server
cafe
etag
9832435751225601100
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:12 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
307 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:12 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/ Frame 3F87
272 KB
98 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_fy2019.js?bust=31063089
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
03a83e5f1f875e3d5b5456d3d631d8587dfdc1a8208a7c9d90baf46feb736a78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99863
x-xss-protection
0
server
cafe
etag
4794946601217608588
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:12 GMT
bqi.php
lg3.media.net/
15 B
15 B
Image
General
Full URL
https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&katid=800621998&kals=ttype%3D10011%7C%7Cpc%3D4&katen=1&pc=4&kata=aton&katbid=-21&kasts=tstype%3D-10408%7C%7Cgbid%3D-1&cme=-qkzMpzS_SK6EICjJFr7UQAVq03pMX1w2AtlG2GW5XHowJrMsa_Hqf_dl5zyQ7bcT21Y6V3tiC-c_tDKjJ_J2DwqU8e7iV2ikywvpn7xHym1gE6W6Qwi1Y_KJa67Ku1-64yBo53DwTdiSOQ9fEwbEP_Ru6trIePxPUV_dt_4u1pb8lZkWUaaJ-Oq0twQCL6aFAY86PuWxRE4vskDHbnwMc_LV1BnpC60UGFZ9mBDV4k=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|y2SqoJcE0s-9IUO1sSido6Y3VR48iOc4|P8cYadgfGfArsAfiaYve9iaq7AkkuSc-ea5Y5nVo_CB552rXBjvS56aipPjOfVpw7KdR2FZ-mLIM0aKG18UXnpEo4sPiNtQSySPewllgQcgGU2cUSXiV1JRq3o_ng5sT|N7fu2vKt8_s=|zuBrT_LoIFUZwfa_2v5ciz6e38l4RKAbbRPVxACR-do9ACfds50-KM1GyonRNQ1OlKtEOp1javMlhfdgEGnDarTsoDDaPoJ1qkdnWonZ6WaFbs9CuZC2Dei7NdXU-Plk4jtG_X-cME98MjNiZ7aDNwm7FcNJQkrgfc5tORV8dzN4POMxyyVAJh3m8YBUqm1ZHqGrLaJz14hbS8hMU2Gd6g==|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss&vi=1633777930827215715&ugd=4&cc=DE&sc=HE&startTime=1633777930625&l2type=setting&vgd_l1rakh=1633777930134220853&l1ch=1&cref=https%3A%2F%2Ft.co%2F&sttm=1633777930626&upk=1633777931.2088&hvsid=00001633777930626036324930568202&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!N6|6737&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=1&l2wsip=2887305231&sethcsd=set!N6%7C6640&vgd_pgid=p1404547308t202110091112&vgd_pgids=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Oct 2021 11:12:12 GMT
ntcoent-length
15
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
max-age=0, no-cache, no-store
content-length
15
expires
Sat, 09 Oct 2021 11:12:12 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame B487
114 KB
40 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
336eec6d760504f102216e9d89a11be24f825d1d0b57069ec6acda75466a4f4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40767
x-xss-protection
0
server
cafe
etag
1723720050214524793
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:12 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
307 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:12 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/ Frame D313
272 KB
97 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
fa30f6e2f8912254f3f741361a1a3da23f1a9a458224cd6576188c5aaad09644
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99697
x-xss-protection
0
server
cafe
etag
10786849749346559601
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:12 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/ Frame B487
257 KB
95 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
19f362b8270f24033bb3822bc08eeee3f431c8e2ad0c2e33cbf83bfbc8f70dc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
97103
x-xss-protection
0
server
cafe
etag
1209692965872863621
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 09 Oct 2021 11:12:12 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 3F87
208 B
661 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_fy2019.js?bust=31063089
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
a6241e51f3dba55ebe0abf7599c60a624e0b8c917950fd3691fc9ce7f5505bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
196
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 3F87
107 B
569 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_fy2019.js?bust=31063089
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B2A2
54 KB
21 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_fy2019.js?bust=31063089
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
bf56975db4525ee38aff8811a52e6d781fc0775dc4d8630ae228ca437f98268e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 09 Oct 2021 11:12:12 GMT
server
cafe
content-length
21181
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sat, 09-Oct-2021 11:27:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
private
cookie.js
partner.googleadservices.com/gampad/ Frame B487
208 B
220 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
1bc16a142b3a073b127a3bf7ba0a570c5714b39335370ff22e4f36f7494c920c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
198
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame B487
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame 6973
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1174745092&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB
Document
General
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

:method
GET
:authority
served-by.pixfuture.com
:scheme
https
:path
/www/delivery/afr.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

server
nginx/1.10.3 (Ubuntu)
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
cache-control
max-age=172800 public, no-transform
pragma
no-cache
expires
Mon, 11 Oct 2021 11:12:12 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding
gzip

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
location
https://served-by.pixfuture.com/www/delivery/afr.php
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 09 Oct 2021 11:12:12 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Sat, 09-Oct-2021 11:27:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
17980116652586209019
tpc.googlesyndication.com/daca_images/simgad/ Frame B2A2
36 KB
36 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/17980116652586209019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
9c7cf7b96a4c63b4b0620295424e1b6136a02626cdb7c7c02d5053a80d6b7f5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 11:51:12 GMT
x-content-type-options
nosniff
age
516060
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36662
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 06:36:37 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 03 Oct 2022 11:51:12 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/ Frame B2A2
18 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
2df1e67459f1d7eda2c4c5af7e07c73f911f6c898f3d061d8f3e9a32ad63fe31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:03:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
549
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7605
x-xss-protection
0
server
cafe
etag
4152153861754824712
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:03:03 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame B2A2
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
5120f35e394e169ac0839405dbd6e680163a4e02f060f5a6a833ebfacf35d966
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:10:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
78
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1344
x-xss-protection
0
server
cafe
etag
10107448882299530629
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:10:54 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B2A2
123 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
e96cb07afdac92a8c77fbd5b9bb721e548070f4657f4f1e71329d2fd9032be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37898
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1633547226118934"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Oct 2021 11:12:12 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame B2A2
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
51896cb4e932803b983cf59d85b20c705f42a891fa0c9c408e3cb267b5bb949c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:09:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
190
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6219
x-xss-protection
0
server
cafe
etag
4041254270185007295
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:09:02 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame B2A2
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
ac244053a1b6574a990d3bfa0536eb9c64e1c9736fb7384b4c367de64891d43b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 10:41:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1824
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11129
x-xss-protection
0
server
cafe
etag
7413922213441039714
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 10:41:48 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame B88D
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 09 Oct 2021 10:35:58 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2174
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame B88D
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 09 Oct 2021 11:12:12 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Sat, 09-Oct-2021 12:12:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 09 Oct 2021 11:12:12 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5191
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=72265
expires
Sun, 10 Oct 2021 07:16:37 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 028D
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=72265
expires
Sun, 10 Oct 2021 07:16:37 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 3942
22 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4cb65af490eea0fb6f1f32f6d01836305f3869ae612f3e9a59f65bbf27f92c0f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:12 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:12 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
content-length
8158
async_usersync.html
acdn.adnxs.com/dmp/ Frame FE7E
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://securityaffairs.co/
Accept-Encoding
gzip, deflate, br
Cookie
anj=dTM7k!M4/8CxrEQF']wIg2C''<g^'d!@wnf-Te9(>wL5L!!'1l$UAb); icu=ChgI3sJXEAoYASABKAEwi_KFiwY4AUABSAEQi_KFiwYYAA..; uuid2=3371712957801144948

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 09 Oct 2021 11:12:12 GMT
Age
21789
X-Served-By
cache-lga21975-LGA, cache-fra19173-FRA
X-Cache
HIT, HIT
X-Cache-Hits
228128, 186057
X-Timer
S1633777933.774591,VS0,VE0
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame 9C5E
668 B
715 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
fed71834f03efc309867c597cecba1bd091c325068f7ca59a5229dc8019a4f7d

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931; Version=1; Expires=Sun, 09-Oct-2022 11:12:12 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633777932|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:12:12 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.4
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
text/html
content-length
417
content-encoding
gzip
via
1.1 google
alt-svc
clear
pd
eu-u.openx.net/w/1.0/ Frame 9CFD
668 B
727 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
fed71834f03efc309867c597cecba1bd091c325068f7ca59a5229dc8019a4f7d

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931; Version=1; Expires=Sun, 09-Oct-2022 11:12:12 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633777932|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:12:12 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.4
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
text/html
content-length
417
content-encoding
gzip
via
1.1 google
alt-svc
clear
async_usersync.html
acdn.adnxs.com/dmp/ Frame E3E8
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://securityaffairs.co/
Accept-Encoding
gzip, deflate, br
Cookie
anj=dTM7k!M4/8CxrEQF']wIg2C''<g^'d!@wnf-Te9(>wL5L!!'1l$UAb); icu=ChgI3sJXEAoYASABKAEwi_KFiwY4AUABSAEQi_KFiwYYAA..; uuid2=3371712957801144948

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 09 Oct 2021 11:12:12 GMT
Age
21789
X-Served-By
cache-lga21975-LGA, cache-fra19175-FRA
X-Cache
HIT, HIT
X-Cache-Hits
228128, 184884
X-Timer
S1633777933.775175,VS0,VE0
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 35FC
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=72265
expires
Sun, 10 Oct 2021 07:16:37 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame 2546
668 B
715 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
fed71834f03efc309867c597cecba1bd091c325068f7ca59a5229dc8019a4f7d

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931; Version=1; Expires=Sun, 09-Oct-2022 11:12:12 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633777932|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:12:12 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.4
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
text/html
content-length
417
content-encoding
gzip
via
1.1 google
alt-svc
clear
pd
eu-u.openx.net/w/1.0/ Frame 9020
668 B
715 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
fed71834f03efc309867c597cecba1bd091c325068f7ca59a5229dc8019a4f7d

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=289cb6b8-1c54-4932-9ad9-665438eaf9c1|1633777931; Version=1; Expires=Sun, 09-Oct-2022 11:12:12 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1633777932|gekin0vNiygu; Version=1; Expires=Sun, 24-Oct-2021 11:12:12 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.4
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
text/html
content-length
417
content-encoding
gzip
via
1.1 google
alt-svc
clear
/
ssc-cms.33across.com/ps/ Frame 6510
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.172 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip172.208-100-17.static.steadfastdns.net
Software
33XP003 /
Resource Hash

Request headers

:method
GET
:authority
ssc-cms.33across.com
:scheme
https
:path
/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

x-33x-status
2000208
server
33XP003
date
Sat, 09 Oct 2021 11:12:12 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C8BD
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?kdntuid=1&p=158127
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=72265
expires
Sun, 10 Oct 2021 07:16:37 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 544A
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://securityaffairs.co/
Accept-Encoding
gzip, deflate, br
Cookie
anj=dTM7k!M4/8CxrEQF']wIg2C''<g^'d!@wnf-Te9(>wL5L!!'1l$UAb); icu=ChgI3sJXEAoYASABKAEwi_KFiwY4AUABSAEQi_KFiwYYAA..; uuid2=3371712957801144948

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 09 Oct 2021 11:12:12 GMT
Age
21789
X-Served-By
cache-lga21972-LGA, cache-hhn4073-HHN
X-Cache
HIT, HIT
X-Cache-Hits
1, 323580
X-Timer
S1633777933.786592,VS0,VE0
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame BD89
22 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4cb65af490eea0fb6f1f32f6d01836305f3869ae612f3e9a59f65bbf27f92c0f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:12 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:12 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
content-length
8158
async_usersync.html
acdn.adnxs.com/dmp/ Frame 506B
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://securityaffairs.co/
Accept-Encoding
gzip, deflate, br
Cookie
anj=dTM7k!M4/8CxrEQF']wIg2C''<g^'d!@wnf-Te9(>wL5L!!'1l$UAb); icu=ChgI3sJXEAoYASABKAEwi_KFiwY4AUABSAEQi_KFiwYYAA..; uuid2=3371712957801144948

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 01 Oct 2021 05:08:47 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 09 Oct 2021 11:12:12 GMT
Age
21788
X-Served-By
cache-lga21975-LGA, cache-fra19125-FRA
X-Cache
HIT, HIT
X-Cache-Hits
228128, 177453
X-Timer
S1633777933.776230,VS0,VE0
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame C583
22 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4cb65af490eea0fb6f1f32f6d01836305f3869ae612f3e9a59f65bbf27f92c0f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:12 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:12 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
content-length
8158
usync.html
eus.rubiconproject.com/ Frame 9216
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://securityaffairs.co/
Accept-Encoding
gzip, deflate, br
Cookie
rsid=1|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVAywYaQOmrhQ6qYZL+Njo/JRR6vvVOnYX6qF0anVSaRRFrEpFc6uQw19gMkasvdREJwzG6qEKUxNbX7S8/cWQrERdSf+hE=; khaos=KUJP73V7-15-4H48; audit=1|hLZGFuTafB2nNSJ8F4DpCvMldI1BXCZDBkZriXr0d3mHb75gq7CdaQqbF9i1EU5J751PgjmsPd3gcRgjl6EitQhJSJ8nY+hF3OlDu/ORdD8=

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Thu, 30 Sep 2021 18:24:26 GMT
ETag
"403b8-119-5cd3a8e7e6a80"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 09 Oct 2021 11:12:12 GMT
Connection
keep-alive
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 5720
22 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4cb65af490eea0fb6f1f32f6d01836305f3869ae612f3e9a59f65bbf27f92c0f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2011%2C3022%2C3020%2C2030%2C273%2C251%2C175%2C2009%2C255%2C178%2C3018%2C2028%2C3017%2C2027%2C3016%2C236%2C214%2C237%2C2025%2C3014%2C238%2C117%2C97%2C99%2C77%2C38%2C3012%2C3011%2C3010%2C182%2C261%2C141%2C222%2C3007%2C201%2C4%2C301%2C246%2C225%2C203%2C80%2C10000%2C9%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
gdpr_status=1

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Tue, 12 Apr 2022 11:12:12 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Mon, 11 Oct 2021 11:12:12 GMT
date
Sat, 09 Oct 2021 11:12:12 GMT
content-length
8158
truncated
/ Frame B2A2
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7d5e37695ca822303dfb0da777e8962be813fe9dab34db4cc06fa5705d057c98

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
307 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:12 GMT
sd
eu-u.openx.net/w/1.0/ Frame 9CFD
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ecc46161-790c-4100-bfdc-fc35f01e5f4d
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ecc46161-790c-4100-bfdc-fc35f01e5f4d
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 09 Oct 2021 11:12:12 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x8 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ecc46161-790c-4100-bfdc-fc35f01e5f4d
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:11 GMT
sd
us-u.openx.net/w/1.0/ Frame 9CFD
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wNLD-8HaxanbhcX4xtvY_sLWwP7b08yvl9sO1Zqg
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wNLD-8HaxanbhcX4xtvY_sLWwP7b08yvl9sO1Zqg
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wNLD-8HaxanbhcX4xtvY_sLWwP7b08yvl9sO1Zqg
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 9CFD
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4193834106182578382
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4193834106182578382
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4193834106182578382
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 9CFD
70 B
263 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=fb3089e1-b5d3-76c5-c00f-aebc5ccdca3c&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 9CFD
170 B
522 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZDc1ZjVhMmItN2NhNC0yODYxLWQ1ZWYtZjQwNTk2MmYwNDVj
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9CFD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKNZOBriQSorOiXaVG86Tjc&google_cver=1
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKNZOBriQSorOiXaVG86Tjc&google_cver=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKNZOBriQSorOiXaVG86Tjc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 9C5E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4e1f6161-790c-4a00-af65-a4800e9df82f
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4e1f6161-790c-4a00-af65-a4800e9df82f
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 09 Oct 2021 11:12:12 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x26 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=4e1f6161-790c-4a00-af65-a4800e9df82f
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:11 GMT
sd
us-u.openx.net/w/1.0/ Frame 9C5E
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=AWToWQBs7gsaM-5aAWTzCVQx7FwaM71bBW2rjfd7
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=AWToWQBs7gsaM-5aAWTzCVQx7FwaM71bBW2rjfd7
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=AWToWQBs7gsaM-5aAWTzCVQx7FwaM71bBW2rjfd7
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 9C5E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1413885060248384874
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1413885060248384874
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=1413885060248384874
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 9C5E
70 B
263 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=fb3089e1-b5d3-76c5-c00f-aebc5ccdca3c&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 9C5E
170 B
231 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZDc1ZjVhMmItN2NhNC0yODYxLWQ1ZWYtZjQwNTk2MmYwNDVj
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9C5E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAvKJb83cGwgy6gWTNbBn7M&google_cver=1
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAvKJb83cGwgy6gWTNbBn7M&google_cver=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAvKJb83cGwgy6gWTNbBn7M&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 9020
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ff006161-790c-4a00-8f46-925ea55601bd
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ff006161-790c-4a00-8f46-925ea55601bd
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 09 Oct 2021 11:12:12 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x28 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=ff006161-790c-4a00-8f46-925ea55601bd
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:11 GMT
sd
us-u.openx.net/w/1.0/ Frame 9020
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=bC1I5W0lTrd3ek7nYn1T4mt9Sex3ekrjbH1bwVGx
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=bC1I5W0lTrd3ek7nYn1T4mt9Sex3ekrjbH1bwVGx
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=bC1I5W0lTrd3ek7nYn1T4mt9Sex3ekrjbH1bwVGx
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 9020
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2785713147766716868
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2785713147766716868
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2785713147766716868
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 9020
70 B
263 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=fb3089e1-b5d3-76c5-c00f-aebc5ccdca3c&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 9020
170 B
231 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZDc1ZjVhMmItN2NhNC0yODYxLWQ1ZWYtZjQwNTk2MmYwNDVj
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9020
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC18egDazzzYDBQl_CvU0Uk&google_cver=1
43 B
122 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC18egDazzzYDBQl_CvU0Uk&google_cver=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC18egDazzzYDBQl_CvU0Uk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 2546
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29296161-790c-4600-98d0-e0beac74b122
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29296161-790c-4600-98d0-e0beac74b122
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 09 Oct 2021 11:12:12 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x2 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=29296161-790c-4600-98d0-e0beac74b122
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:11 GMT
sd
us-u.openx.net/w/1.0/ Frame 2546
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=q-QQ-qrsFqiwsxb5ruUL-6viQKiw5kSvpOQvIHIx
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=q-QQ-qrsFqiwsxb5ruUL-6viQKiw5kSvpOQvIHIx
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=q-QQ-qrsFqiwsxb5ruUL-6viQKiw5kSvpOQvIHIx
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 2546
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6859712665053151069
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6859712665053151069
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6859712665053151069
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 2546
70 B
263 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=fb3089e1-b5d3-76c5-c00f-aebc5ccdca3c&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 2546
170 B
231 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZDc1ZjVhMmItN2NhNC0yODYxLWQ1ZWYtZjQwNTk2MmYwNDVj
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 2546
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECnzb3YYrb5ATTxZ2Nxbzqs&google_cver=1
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECnzb3YYrb5ATTxZ2Nxbzqs&google_cver=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.216.4 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 google
server
OXGW/16.216.4
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECnzb3YYrb5ATTxZ2Nxbzqs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 3F87
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211006&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_fy2019.js?bust=31063089
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
9897dca16863ff1e2b67e2c56f71d74477a73050bb9d077f42d12e5f025b730a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8537
x-xss-protection
0
async_usersync
ib.adnxs.com/ Frame FE7E
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:12 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
5c1c8e2c-de3e-4e4a-9ed8-9d6b6c8e75c9
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame E3E8
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:12 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
2ddc1163-e9a1-438b-a56d-53e0b146fdf5
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 5191
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=67976701&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
579001a3e4ebdcb435375500f093293a4cdebde77534de9b389b766c9245fff0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
async_usersync
ib.adnxs.com/ Frame 506B
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:12 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
d8ee1746-6c76-478d-9f87-38b1d9aef802
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 544A
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
7b7ce9d5-9466-4cf3-8e22-ffdbaef98ad8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 9216
31 KB
9 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Sep 2021 18:24:26 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=51876
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9275
Expires
Sun, 10 Oct 2021 01:36:49 GMT
Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
pagead2.googlesyndication.com/bg/ Frame B6D9
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 20:38:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
311648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13306
x-xss-protection
0
last-modified
Tue, 05 Oct 2021 11:38:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Wed, 05 Oct 2022 20:38:05 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 3F87
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110070201/show_ads_impl_fy2019.js?bust=31063089
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 09 Oct 2021 11:12:13 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame B487
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211006&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
9fbe10b652f90029d4980425bffe57ccd3b157bc682d8996fbfec22546bbc7c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8508
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame D313
12 B
53 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D313
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 8B35
15 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
7843dea28dca52e10a15edd76553dbc3604f8aaa3ebeed31d775fd2ce87b5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
cookie
DSID=NO_DATA; IDE=AHWqTUmj5QHxlXmgPPPGFpesAxSJs_lGTo6UIGbcus-WIBLio2VKogXuQg2RwshdlN0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 09 Oct 2021 11:12:13 GMT
server
cafe
content-length
8905
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame B487
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 09 Oct 2021 11:12:13 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:13 GMT
match
c1.adform.net/serving/cookie/ Frame C37B
35 B
467 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?party=14&cid=E929A88B-44D7-460C-87B2-D524F9C2DD83
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
c1.adform.net
:scheme
https
:path
/serving/cookie/match?party=14&cid=E929A88B-44D7-460C-87B2-D524F9C2DD83
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
C=1; uid=1413885060248384874
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
uid=1413885060248384874; expires=Wed, 08 Dec 2021 11:12:13 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 910C
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=403435026075199129
42 B
208 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=403435026075199129
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=403435026075199129
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=E929A88B-44D7-460C-87B2-D524F9C2DD83; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1634947200%3A21_204_8_88_222_161_3_99_176_71_55_165_7_230_231_22_166_220_13_54_56_81_234_189%7C1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203; KRTBCOOKIE_1101=23040-7017022791164819604; PUBMDCID=3; KRTBCOOKIE_409=22966-QA5ll3H8VoBvV8BxZudeXniA; PugT=1633777932; KRTBCOOKIE_391=22924-1413885060248384874&KRTB&23263-1413885060248384874; KRTBCOOKIE_27=16735-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&16736-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&23019-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&23114-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d; KRTBCOOKIE_57=22776-3371712957801144948; KRTBCOOKIE_377=6810-1dd5785e-2f3a-4d49-9043-ead9d52c2c52&KRTB&22918-1dd5785e-2f3a-4d49-9043-ead9d52c2c52&KRTB&23031-1dd5785e-2f3a-4d49-9043-ead9d52c2c52; KRTBCOOKIE_153=19420-UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c&KRTB&22979-UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c; KRTBCOOKIE_80=22987-CAESEAuWxXhW7mQ2EU4MExmDtjo&KRTB&16514-CAESEAuWxXhW7mQ2EU4MExmDtjo&KRTB&23025-CAESEAuWxXhW7mQ2EU4MExmDtjo
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_336=5844-403435026075199129; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:12 GMT; path=/
PugT=1633777932; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:12 GMT; path=/
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:12:12 GMT; path=/
x-lat
amspug013:0:440
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=403435026075199129
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame 4B97
43 B
334 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method
GET
:authority
dis.criteo.com
:scheme
https
:path
/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
image/gif
server
Kestrel
cache-control
no-cache
pragma
no-cache
expires
Sat, 09 Oct 2021 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
665965
Pug
simage2.pubmatic.com/AdServer/ Frame D304
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017022791164819604
42 B
382 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017022791164819604
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017022791164819604
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=E929A88B-44D7-460C-87B2-D524F9C2DD83; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1634947200%3A21_204_8_88_222_161_3_99_176_71_55_165_7_230_231_22_166_220_13_54_56_81_234_189%7C1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:11 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_1101=23040-7017022791164819604; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:11 GMT; path=/
PugT=1633777931; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:11 GMT; path=/
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:12:11 GMT; path=/
x-lat
amspug001:0:414
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Sat, 09 Oct 2021 11:12:13 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie
UserID1=7017022791164819604; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7017022791164819604
Pug
image2.pubmatic.com/AdServer/ Frame A334
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFZlVVN0N3dklBQUJmVnFhRWV3QQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAEfUU7CwvIAABfVqaEewA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAEfUU7CwvIAABfVqaEewA&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAEfUU7CwvIAABfVqaEewA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=6600803794281955515
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEfUU7CwvIAABfVqaEewA
42 B
497 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEfUU7CwvIAABfVqaEewA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEfUU7CwvIAABfVqaEewA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=E929A88B-44D7-460C-87B2-D524F9C2DD83; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1634947200%3A21_204_8_88_222_161_3_99_176_71_55_165_7_230_231_22_166_220_13_54_56_81_234_189%7C1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203; KRTBCOOKIE_1101=23040-7017022791164819604; PUBMDCID=3; KRTBCOOKIE_409=22966-QA5ll3H8VoBvV8BxZudeXniA; KRTBCOOKIE_391=22924-1413885060248384874&KRTB&23263-1413885060248384874; KRTBCOOKIE_27=16735-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&16736-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&23019-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&23114-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d; KRTBCOOKIE_57=22776-3371712957801144948; KRTBCOOKIE_377=6810-1dd5785e-2f3a-4d49-9043-ead9d52c2c52&KRTB&22918-1dd5785e-2f3a-4d49-9043-ead9d52c2c52&KRTB&23031-1dd5785e-2f3a-4d49-9043-ead9d52c2c52; KRTBCOOKIE_153=19420-UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c&KRTB&22979-UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c; KRTBCOOKIE_80=22987-CAESEAuWxXhW7mQ2EU4MExmDtjo&KRTB&16514-CAESEAuWxXhW7mQ2EU4MExmDtjo&KRTB&23025-CAESEAuWxXhW7mQ2EU4MExmDtjo; KRTBCOOKIE_336=5844-403435026075199129; SPugT=1633777932; KRTBCOOKIE_22=14911-8162890501504201051; KRTBCOOKIE_594=17105-RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003&KRTB&17107-RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003; KRTBCOOKIE_218=22978-YWF5DQAHurgAYAAR&KRTB&23194-YWF5DQAHurgAYAAR&KRTB&23209-YWF5DQAHurgAYAAR&KRTB&23244-YWF5DQAHurgAYAAR; KRTBCOOKIE_466=16530-b4ea6427-c713-454e-a4ee-8d2f87debcb3; KRTBCOOKIE_188=3189-f17d52dc-50a9-47da-b18e-76980ef19679-6161790d-5553; PugT=1633777932
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_699=22727-AAEfUU7CwvIAABfVqaEewA; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:13 GMT; path=/
PugT=1633777933; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:13 GMT; path=/
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:12:13 GMT; path=/
x-lat
amspug009:0:420
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEfUU7CwvIAABfVqaEewA
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 9107
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
242 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=E929A88B-44D7-460C-87B2-D524F9C2DD83; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1634947200%3A21_204_8_88_222_161_3_99_176_71_55_165_7_230_231_22_166_220_13_54_56_81_234_189%7C1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:11 GMT
content-type
text/html; charset=utf-8
x-lat
amspug008:2:252
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
content-encoding
gzip

Redirect headers

set-cookie
viewer_token=ff890750-7471-4e93-a959-be1d430f0a71; path=/; domain=csync.loopme.me; Expires=Tue, 09-Nov-2021 11:12:13 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length
0
date
Sat, 09 Oct 2021 11:12:13 GMT
server
_
Pug
simage2.pubmatic.com/AdServer/ Frame 1ABA
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=152441696
  • https://sync.1rx.io/usersync/tradedesk/1dd5785e-2f3a-4d49-9043-ead9d52c2c52
  • https://sync.targeting.unrulymedia.com/csync/RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003
42 B
269 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=E929A88B-44D7-460C-87B2-D524F9C2DD83; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1634947200%3A21_204_8_88_222_161_3_99_176_71_55_165_7_230_231_22_166_220_13_54_56_81_234_189%7C1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203; KRTBCOOKIE_1101=23040-7017022791164819604; PUBMDCID=3; KRTBCOOKIE_409=22966-QA5ll3H8VoBvV8BxZudeXniA; PugT=1633777932; KRTBCOOKIE_391=22924-1413885060248384874&KRTB&23263-1413885060248384874; KRTBCOOKIE_27=16735-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&16736-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&23019-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&KRTB&23114-uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d; KRTBCOOKIE_57=22776-3371712957801144948; KRTBCOOKIE_377=6810-1dd5785e-2f3a-4d49-9043-ead9d52c2c52&KRTB&22918-1dd5785e-2f3a-4d49-9043-ead9d52c2c52&KRTB&23031-1dd5785e-2f3a-4d49-9043-ead9d52c2c52; KRTBCOOKIE_153=19420-UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c&KRTB&22979-UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c; KRTBCOOKIE_80=22987-CAESEAuWxXhW7mQ2EU4MExmDtjo&KRTB&16514-CAESEAuWxXhW7mQ2EU4MExmDtjo&KRTB&23025-CAESEAuWxXhW7mQ2EU4MExmDtjo; KRTBCOOKIE_336=5844-403435026075199129; SPugT=1633777932

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_594=17105-RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003&KRTB&17107-RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:12:12 GMT; path=/ PugT=1633777932; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:12 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:12:12 GMT; path=/
x-lat
amspug006:0:546
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Tengine
date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
text/html
set-cookie
_rxuuid=%7B%22rx_uuid%22%3A%22RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003%22%7D; path=/; expires=Sun, 09 Oct 2022 11:12:13 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-fad4045b-1ae9-4d30-86bf-df47bd4b7bff-003
etag
RXfad4045b1ae94d3086bfdf47bd4b7bff003
Pug
image2.pubmatic.com/AdServer/ Frame 4B75
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=QA5ll3H8VoBvV8BxZudeXniA
42 B
370 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=QA5ll3H8VoBvV8BxZudeXniA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=QA5ll3H8VoBvV8BxZudeXniA
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=E929A88B-44D7-460C-87B2-D524F9C2DD83; chkChromeAb67Sec=1; DPSync3=1634947200%3A201_197_219%7C1633824000%3A174; SyncRTB3=1634947200%3A21_204_8_88_222_161_3_99_176_71_55_165_7_230_231_22_166_220_13_54_56_81_234_189%7C1635033600%3A35%7C1634342400%3A223_15_2%7C1634601600%3A63%7C1636329600%3A203

Response headers

server
nginx
date
Sat, 09 Oct 2021 11:12:12 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_409=22966-QA5ll3H8VoBvV8BxZudeXniA; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:12 GMT; path=/ PugT=1633777932; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 08-Nov-2021 11:12:12 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 07-Jan-2022 11:12:12 GMT; path=/
x-lat
amspug013:0:398
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
openresty
date
Sat, 09 Oct 2021 11:12:13 GMT
content-length
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie
u=QA5ll3H8VoBvV8BxZudeXniA; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=QA5ll3H8VoBvV8BxZudeXniA
strict-transport-security
max-age=0; includeSubDomains;
dpe
ad4m.at/ad/ Frame EB1B
42 B
974 B
Document
General
Full URL
https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method
GET
:authority
ad4m.at
:scheme
https
:path
/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
image/gif
content-length
42
report-to
{"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires
0
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy
same-origin
pragma
no-cache
surrogate-control
no-store
x-fastcgi-cache
BYPASS
x-backend-server
adsrv-wmp3
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
69b72c328d9527c0-PRG
bridge
cm.adgrx.com/ Frame 346E
43 B
408 B
Document
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.196 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host
cm.adgrx.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/
Accept-Encoding
gzip, deflate, br

Response headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
server
Cowboy
X-RealServer-NX
ams-delivery-5
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
i.match
s.tribalfusion.com/z/ Frame 17C8
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
411 B
Document
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.12.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method
GET
:authority
s.tribalfusion.com
:scheme
https
:path
/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
ANON_ID=annoeUoZdUQsR2HpburbgdE3TAcTHqqKayxglsALZa

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
image/gif; charset=utf-8
content-length
43
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
302
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
set-cookie
ANON_ID=aWnseFujieFo7YxU36xXK1fQrPR48mQ6l0JT3FUGh0JcRA15BZdRpP6IvdfQH6UgdSmgY3T18vxSIqAOL4gkj; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:12:13 GMT; SameSite=None; Secure; ANON_ID_old=aWnseFujieFo7YxU36xXK1fQrPR48mQ6l0JT3FUGh0JcRA15BZdRpP6IvdfQH6UgdSmgY3T18vxSIqAOL4gkj; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:12:13 GMT;
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
69b72c337c0c4401-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
text/html
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
206
x-reuse-index
1300
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
set-cookie
ANON_ID=annoeUoZdUQsR2HpburbgdE3TAcTHqqKayxglsALZa; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:12:13 GMT; SameSite=None; Secure; ANON_ID_old=annoeUoZdUQsR2HpburbgdE3TAcTHqqKayxglsALZa; path=/; domain=.tribalfusion.com; expires=Fri, 07-Jan-2022 11:12:13 GMT;
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
69b72c3269954401-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 7931
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=09c1189c-7a7a-4bdc-8efd-5f1655100870-tuct85afe8d&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
53 B
Document
General
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=09c1189c-7a7a-4bdc-8efd-5f1655100870-tuct85afe8d&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
match.taboola.com
:scheme
https
:path
/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=09c1189c-7a7a-4bdc-8efd-5f1655100870-tuct85afe8d&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
t_gid=09c1189c-7a7a-4bdc-8efd-5f1655100870-tuct85afe8d

Response headers

server
nginx
accept-ranges
bytes
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 varnish
x-served-by
cache-hhn4034-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1633777933.215043,VS0,VE8
content-length
0

Redirect headers

server
nginx
set-cookie
t_gid=09c1189c-7a7a-4bdc-8efd-5f1655100870-tuct85afe8d;Version=1;Path=/;Domain=.taboola.com;Expires=Sun, 09-Oct-2022 11:12:13 GMT;Max-Age=31536000;Secure;SameSite=None
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=09c1189c-7a7a-4bdc-8efd-5f1655100870-tuct85afe8d&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges
bytes
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 varnish
x-served-by
cache-hhn4034-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1633777933.188459,VS0,VE8
x-vcl-time-ms
8
content-length
0
141
match.deepintent.com/usersync/ Frame 6A74
0
43 B
Document
General
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
match.deepintent.com
:scheme
https
:path
/usersync/141?gdpr=0&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br

Response headers

content-length
0
date
Sat, 09 Oct 2021 11:12:12 GMT
server
b
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5191
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6Smoi0TXRgyHstUk-cLdgw%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=72264
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Sun, 10 Oct 2021 07:16:37 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ecc46161-790c-4100-bfdc-fc35f01e5f4d
0
259 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ecc46161-790c-4100-bfdc-fc35f01e5f4d
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x13 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ecc46161-790c-4100-bfdc-fc35f01e5f4d
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:12 GMT
33141
tags.bluekai.com/site/ Frame 5191
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=E929A88B-44D7-460C-87B2-D524F9C2DD83
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=afa9bf8a85af729ac5acc326bbea9c0e
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=1dd5785e-2f3a-4d49-9043-ead9d52c2c52&icm
  • https://pixel.onaudience.com/?partner=109&icm&cver&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m
  • https://tags.bluekai.com/site/33141?&id=d441cb2f09ae045e
62 B
304 B
Image
General
Full URL
https://tags.bluekai.com/site/33141?&id=d441cb2f09ae045e
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif

Redirect headers

location
https://tags.bluekai.com/site/33141?&id=d441cb2f09ae045e
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTkyOUE4OEItNDRENy00NjBDLTg3QjItRDUyNEY5QzJERDgz&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
109 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug018:0:356
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEAuWxXhW7mQ2EU4MExmDtjo&google_cver=1
42 B
281 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEAuWxXhW7mQ2EU4MExmDtjo&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug020:0:396
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEAuWxXhW7mQ2EU4MExmDtjo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 5191
43 B
610 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
be.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Fri, 08 Oct 2021 11:12:13 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1dd5785e-2f3a-4d49-9043-ead9d52c2c52
42 B
291 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1dd5785e-2f3a-4d49-9043-ead9d52c2c52
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug017:0:555
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1dd5785e-2f3a-4d49-9043-ead9d52c2c52
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1413885060248384874
42 B
232 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1413885060248384874
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug012:0:420
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=1413885060248384874
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&gdpr=0&gdpr_consent=
42 B
337 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug011:0:391
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x10 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:ecc46161-790c-4100-bfdc-fc35f01e5f4d&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:12 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3371712957801144948&gdpr=0&gdpr_consent=
42 B
208 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3371712957801144948&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug015:0:415
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
cad5b4f9-a5c8-4be3-86cf-e541f4cdb58b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3371712957801144948&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c
42 B
272 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug010:0:1082
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=UZV6KVCdfHtKwnwqVJRhKFGTKntKly58XpURs-7c
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E929A88B-44D7-460C-87B2-D524F9C2DD83&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E929A88B-44D7-460C-87B2-D524F9C2DD83&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Hhu4dy5E2uWUdXZFgzlbdCIQ5z3Fe68-~A&gdpr=0&gdpr_consent=
0
127 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Hhu4dy5E2uWUdXZFgzlbdCIQ5z3Fe68-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
ATS/7.1.2.138
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Hhu4dy5E2uWUdXZFgzlbdCIQ5z3Fe68-~A&gdpr=0&gdpr_consent=
Connection
keep-alive
Content-Length
0
E929A88B-44D7-460C-87B2-D524F9C2DD83
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 5191
43 B
837 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/E929A88B-44D7-460C-87B2-D524F9C2DD83?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.176 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
pr-bh-ing.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=b4ea6427-c713-454e-a4ee-8d2f87debcb3&gdpr=0&gdpr_consent=&gdpr_pd=
  • https://x.bidswitch.net/sync?dsp_id=413&ssp=pubmatic&user_id=csonata_6d4e5bd3-e558-496b-9f1d-ef914d5722be&bsw_param=b4ea6427-c713-454e-a4ee-8d2f87debcb3&expires=10
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=b4ea6427-c713-454e-a4ee-8d2f87debcb3&gdpr=&gdpr_consent=&gdpr_pd=
1 B
179 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=b4ea6427-c713-454e-a4ee-8d2f87debcb3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:11 GMT
cache-control
no-store, no-cache, private
x-lat
amspug014:0:402
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=b4ea6427-c713-454e-a4ee-8d2f87debcb3&gdpr=&gdpr_consent=&gdpr_pd=
Date
Sat, 09 Oct 2021 11:12:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF5DQAHurgAYAAR&gdpr=0&gdpr_consent=&_test=YWF5DQAHurgAYAAR
1 B
235 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF5DQAHurgAYAAR&gdpr=0&gdpr_consent=&_test=YWF5DQAHurgAYAAR
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug018:0:386
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 varnish
server
Varnish
x-timer
S1633777933.337914,VS0,VE0
x-served-by
cache-hhn4054-HHN
x-cache
HIT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWF5DQAHurgAYAAR&gdpr=0&gdpr_consent=&_test=YWF5DQAHurgAYAAR
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
current
pubmatic-match.dotomi.com/match/bounce/ Frame 5191
0
104 B
Image
General
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=E929A88B-44D7-460C-87B2-D524F9C2DD83&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.207.16.137 Roydon, United Kingdom, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
ams03-usadmm.dotomi.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
image2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f17d52dc-50a9-47da-b18e-76980ef19679-6161790d-5553&gdpr=0&gdpr_consent=
42 B
231 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f17d52dc-50a9-47da-b18e-76980ef19679-6161790d-5553&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug013:0:456
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=f17d52dc-50a9-47da-b18e-76980ef19679-6161790d-5553&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8162890501504201051&gdpr=0&gdpr_consent=&us_privacy=
1 B
165 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8162890501504201051&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug019:0:521
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8162890501504201051&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:36f95fec-cb93-46f1-87a5-38038b55a625&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
204 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:36f95fec-cb93-46f1-87a5-38038b55a625&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:14 GMT
cache-control
no-store, no-cache, private
x-lat
amspug003:0:334
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:36f95fec-cb93-46f1-87a5-38038b55a625&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Sat, 09 Oct 2021 11:12:14 GMT
Server
Apache/2.4.41 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Pug
simage2.pubmatic.com/AdServer/ Frame 5191
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3371712957801144948
42 B
114 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3371712957801144948
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:12 GMT
cache-control
no-store, no-cache, private
x-lat
amspug010:0:243
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
a3ab3297-a13e-4319-ae43-6b94ec217a32
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3371712957801144948
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
d1ba4609
rtb.gumgum.com/getuid/ Frame 5191
35 B
238 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.52.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-52-16.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 67B6
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 08 Oct 2021 20:51:41 GMT
expires
Sat, 08 Oct 2022 20:51:41 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
51632
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 047E
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
edf97b73a5f2f3a2435d87ad92fc1d30a12422614a8efa1e36a7d763135d708f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-BSmffGu1Qyx6tr17kdcZhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 09 Oct 2021 11:12:13 GMT
date
Sat, 09 Oct 2021 11:12:13 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-BSmffGu1Qyx6tr17kdcZhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
tap.php
pixel.rubiconproject.com/ Frame 9216
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YWF5DQAHxqVkmwA6
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF5DQAHxqVkmwA6&_test=YWF5DQAHxqVkmwA6
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF5DQAHxqVkmwA6&_test=YWF5DQAHxqVkmwA6
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
via
1.1 varnish
server
Varnish
x-timer
S1633777933.382779,VS0,VE0
x-served-by
cache-hhn4054-HHN
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWF5DQAHxqVkmwA6&_test=YWF5DQAHxqVkmwA6
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
sync.php
pixel.rubiconproject.com/exchange/ Frame 9216
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=a9us
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif
tap.php
pixel.rubiconproject.com/ Frame 9216
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJDs-I6FjDOJAb0YclLj9Is&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJDs-I6FjDOJAb0YclLj9Is&google_cver=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJDs-I6FjDOJAb0YclLj9Is&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
709414.gif
id.rlcdn.com/ Frame 9216
0
0
Image
General
Full URL
https://id.rlcdn.com/709414.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

v1
ads.yahoo.com/cms/ Frame 9216
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJP73V7-15-4H48&sigv=1&esig=2~512dc6e6be0e4bed772ad6b9878fa7c0c64cffab
0
443 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJP73V7-15-4H48&sigv=1&esig=2~512dc6e6be0e4bed772ad6b9878fa7c0c64cffab
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
87.248.118.23 Frankfurt am Main, Germany, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
e2.ycpi.vip.deb.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUJP73V7-15-4H48&sigv=1&esig=2~512dc6e6be0e4bed772ad6b9878fa7c0c64cffab
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 9216
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ecc46161-790c-4100-bfdc-fc35f01e5f4d&expires=28
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ecc46161-790c-4100-bfdc-fc35f01e5f4d&expires=28
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
MT3 3984 0e3af3b master zrh-pixel-x25 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ecc46161-790c-4100-bfdc-fc35f01e5f4d&expires=28
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Oct 2021 11:12:12 GMT
pixel
cm.g.doubleclick.net/ Frame 9216
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUDczVjctMTUtNEg0OA==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUDczVjctMTUtNEg0OA==
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VKUDczVjctMTUtNEg0OA==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 9216
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzA1MjVkOTIyNTliMmFhNjNiODdlNmQ3YTE2ZWI3YTg5ODUzNmUxZg
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzA1MjVkOTIyNTliMmFhNjNiODdlNmQ3YTE2ZWI3YTg5ODUzNmUxZg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzA1MjVkOTIyNTliMmFhNjNiODdlNmQ3YTE2ZWI3YTg5ODUzNmUxZg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 62EB
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 08 Oct 2021 20:51:41 GMT
expires
Sat, 08 Oct 2022 20:51:41 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
51632
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 54E6
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
216754a5122c17b37dee7df406ed85a2d614f3974d3124ddb812368eddb40979
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-bEGtP5EZk65ucSA4Xa4gzw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 09 Oct 2021 11:12:13 GMT
date
Sat, 09 Oct 2021 11:12:13 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-bEGtP5EZk65ucSA4Xa4gzw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/pagead/ Frame 047E
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211006&jk=2265266584299941&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/ Frame 54E6
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211006&jk=4265722531479805&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
pagead2.googlesyndication.com/bg/ Frame 67B6
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 20:38:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
311648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13306
x-xss-protection
0
last-modified
Tue, 05 Oct 2021 11:38:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Wed, 05 Oct 2022 20:38:05 GMT
Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
pagead2.googlesyndication.com/bg/ Frame 62EB
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 20:38:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
311648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13306
x-xss-protection
0
last-modified
Tue, 05 Oct 2021 11:38:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Wed, 05 Oct 2022 20:38:05 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B35
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AtazXjn-j7xD9rv2qHmmZiUcDWydRbhPcxnooFOpWbboop542nFf6jVDOVZl7_Ctn5oXMGqFMSBQSrwPZ6Ex0zdtmB9cvWgpvVmEkiEpxePnDpmJo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame 8B35
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
5120f35e394e169ac0839405dbd6e680163a4e02f060f5a6a833ebfacf35d966
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:10:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1344
x-xss-protection
0
server
cafe
etag
10107448882299530629
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:10:54 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8B35
123 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
e96cb07afdac92a8c77fbd5b9bb721e548070f4657f4f1e71329d2fd9032be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37898
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1633547226118934"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Oct 2021 11:12:13 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/ Frame 8B35
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211006/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
cafe /
Resource Hash
51896cb4e932803b983cf59d85b20c705f42a891fa0c9c408e3cb267b5bb949c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:09:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
191
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6219
x-xss-protection
0
server
cafe
etag
4041254270185007295
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:09:02 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 3022
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5p_-tATAB&v=APEucNWA02vWq6-v7muQghXJRyOCQOGT1XSjwq3VwPE7mxRkL2pr3FlTkiBLj2np5LWi4h7WOBxEGoqkUNcGwa_-2xz-6O3kow
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/xbbe/pixel?d=CO-t7QIQhsvvAhj5p_-tATAB&v=APEucNWA02vWq6-v7muQghXJRyOCQOGT1XSjwq3VwPE7mxRkL2pr3FlTkiBLj2np5LWi4h7WOBxEGoqkUNcGwa_-2xz-6O3kow
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
accept-encoding
gzip, deflate, br
cookie
DSID=NO_DATA; IDE=AHWqTUmj5QHxlXmgPPPGFpesAxSJs_lGTo6UIGbcus-WIBLio2VKogXuQg2RwshdlN0

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 09 Oct 2021 11:12:13 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 8B35
50 KB
24 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C0LvVY1_rAkW0m2EGs2jcWr9gUy1Th4dWl9DV6MvfB61zDvt1aWVE4Dcr-EzzSw2C8_oeCTy6Hxv3LgZo5bPgReBW_KoVbcAzdOtDBYWAdQAP5RGZli3zEtFp9zcax53cuy9gY5mU8ECIRXar6GBwrP9rgTw&cry=1&dbm_d=AKAmf-AdFKVTingL5q3tcFQYt1o41rVSslBtA0K8or91uWs3LOABng8SE8rR10EdxW1oheDT6R8iCZ4Eayh-O5LWQNifBtTw6jXbmKtvSX63c6_bnbgQSR_imdHmO-gB2P6SH4UVAEcbzcckxazINUTpLO_YTUMezkjPAA-8jDVngc-XjhwpDaIYzGxm5lcmwRGbfkw3DAO3F1PfhCvEWjufjcDq5sbvPWvLaf0SnQQ4KDMwI3GTvX8N-TDn_TwwhzXDBcvh3-HdN0z1CXJm2Cvu9F1QC1R-Yh8SlwTyBo3X7QRaOhvydN4k6fJqxItLSGiGGLitSMO8r0qVnPzBCwXGEdoPPx8RAauHjrqQ12LhT9sbyiBGSrCIJDtMNKBuWYBt5HIsTn6piGp6wM765qZUwd7kBO6_N-PPJgMKEUkL3X093xhXF62lVjsfxy9Dz9TQSd5TzFrD3JgPbkNgadvKw-rUAYH9jZpc19PgcUZP45wv2YrghFzPoswszMjj4MdF8DIf1ELR_OQqX7jj4tnvgkVpntjvafT-qwj-cvZMP0ijtDK4T6oU9KzEf5iWYW2_I-awoGMgDcFEA6vIgS5DqfiJCflpXA6RkAsl0ahfI312eI4miYs-FlnYHOSQxjEFvJuJkbkZolZyaoFqb3bPaNWMOCn_0RWbbHtBn6IbF9DMAEKDVJlnbiZt4LH9LTZqVfmmh3ZG-IFmmxFz6t5ZQzfjtn3CvXnVa-9_5--qRzojPDqn9LISCVehE69RBud_A2C18ZEpJ828ZcHxKISvM0SjUg5yyslo76yXbGD947X4Sc5c8bPjy-F83p1s8y05bh4uRrO_Pl_BlQhFTXzPWGi4cKoDsRzEU2sTAH_rJi4SkIO4ThgrcEMmD8If6pZuJ5-Z4Dhud-04kVGn5iv3mlnMDMu0mSGGrJ9-03xS3VU7iOzEYlmXvhvSAbZw4F8V2ALj2e6zoq6Vbw5swbsa14_5AvypJsieozgoz390BXVNRA4QN7lClHO_LUwCGAhyJVM_qEtUbEsntdv_ZBx7VE7q51vNCfNRtnPxgESmpDAXp8FtVtJg6lQJME0fsKhoDJIG87sFctmuQ0oN3_tNp1wxiQxpIG15PMKql7E0OF7O-1Ke8LtuJ8YNHm4AeNJhxI_SrPsHDPOuf8bnpXX3IdpTVX-2uDvS0E1okts3K8dQ6ZoBsrj8tSfvLEHIiyGAVWY76ZiCVTFUnY9kFU6uX-Y9J8sJN-_TL7tQP3pCvrK6JgmT3jiJEtw4CjG7ldbWrWtIN8FG6USimM5m0IJJCs_1Tz8HE-KP9Uz8FY30PQe0Iv57tzR7EbiPEG3IHJMUc4TdTvcWsPLsbLlqckU9bEV3BebwN8yvjOmg-zTTOsxrqIWSDaxxRkrgcTrcwW-yPy6cTSvPOK3Z8X88xBVetwuRUF__8GF1BriomrS05vKgpvytFENhqAeVqjoaRtOrV6Uumxv_niCFDPW0M7zZXDOHwC3uIILyhYN3s6f3wkypbehqF8YM46at0uRUPAIn0ejUj0GXvqzG-QqnwnvaqWpikyBcDLqHrZaOUeJaeO3qKdIeip36xAokznxiU9tomLCzBgUt-zMGcQy9Hbji_Xo3g-bf3VadSlRvJop1KEQwDmaD1CLXW6m9sHC7FD20NOPvMyvyL0oeJLUmkNfDbfEdi57IG8fHXKXBcr-ybi4aTBwLsqGe9_cBcKEA8ohLoy2a78A1wwF2KvYZ8An6lzmPF_RMxSo-yzGFhKKQHI44
TcwCxUOTu27u_vQNppgBmUwik4kx0qIrWs5tqeUSe3-gbucdWpXhpOQ6sUp_vwYhfJFOQoJqsmDzJsav902gB6qv0H76VyWxjzGqlfSjWh34cBmwZyigobEIrnnMIqjcDqmuN4OH71FcDXhl2wn3wwkNWOmHraOPFSgtA8Bpl2IYhG2_63pZ-L3wdIW7iAS7lxkj_vjRxhxkExFTnaHqXj3_1e8zX4hGlJ-lsgKUk4EA1T2D5WyLcnKJ9PerFBhObpnKIPz6wcQFbhcIGOZg9k-4Dpknq3DTDBF5cRMUBpngn28FCYS6pD0WRMMnUGQFpsLaaJl6HdIXblExKgbZtR3KBu_oNZTFldEGyRvqLHcHQrqpRqGrlizF0Ko_kPmD3qLM0U80qpRYFJtcqRGlynz_Bnu-qEQDIrfzTU_Q3iRysM3XXFI4dm9gy-m75DMagbjYr3GaTcdedTvU4bVVzbUe3UKK-GkIoMRQo3JYtqiIlxMEBXZYCLlBsMCuD8zazTjHRLgoIMojWd4F76sek8PWQ56L3pMmVo_gQ-JOIRVZHtuZ4UCKxMvRcFPYvOYCLGGspRIO9RzWhATBO0MjyKM5k_lDeyoAmPueaM71czyMh-WxfUDuifhj9apyubusgNZc2EItWRMyix1LAkgf3p1-0AquK8ym_JAxCLMtwDlCnzZHDy6a813-wp1zUjgvlFHMajMrdTH2ziZSmaN1RJzPIbjHqMcy-CgvnJVzmkUpLYClT8HnYKYIJc_K0UoScBCoUscdEIMov5K5xD1X1BzAq6P6Iflx4WxHKQ6TB3ZH9_SzyI5UIKHT12hVFiUh6TbP_Lc0Ee-emy0O5_q0HqjLI7UScc7C3pjdGOU30kVkbogh_qMGqKX0E7UYeyFsh41E1DdkUPevCtzMYQUu4LM0E_6LqnXXn2wi_XBQ9Hu3v7eADvBq5yrOLSZm2ggMp0OWYHS_QF91pXExEnCR1NDL0Vv4FambUN0FcIZrZR829DVyXESyi20rlbpI9UvdJ6hUzpn8_xd-7dXGDALOau7Ttw7Qze5z6Yk6zrnBPKS15c1Krs1uTLb9pc-pqF_1t6YwoUwg2A4QAuZlSV9GE6PwTcSG3yaosiG-Bt-tv_ExFLhcKi3UlCCKwPv_4EnUa1eTcj7eX7Wzcs31BSCr1BhGWCotqU_dweqcQq-aU_CuBVFc4EymPvGiKYOak7DbhOb9RXOWVl5nmc02mBGBdFu_1SaS1JeIvdJuyuVeQTzzUB1tJbXxE25oT2SDhuDpP3nhPRJ6X5dp47Qtu3VwPCZQVxctJ3JvBWvqeENpJf8L6SCsvkiAlILB1OVuI4YxaoDp7x9AtNp53kNMdtaL48YDWgrFj58oheHtFWRCVwXPoSJ4ODEmp0aPiM-u52Jbk6TlkoZYH7kDM4C46plsv_rfqlzFcxiJZhLBT7gKrNf8PNZQVVAPr4wCkAO5ufi9pog3Q3F5MQb2FolsN8Cj4DxDBeEZJCKAPxctX9VbOsa6vz2ATPVJnR7wJQ1ZkpqCgikad7AqV4LoeNFwA2U8sOc9hnjsB-qBB4ZBBZuWOUODdxIGv5AGBHU8rC6-7ETmewmmf6XmjOjPxaizSuiNtMFu6_kD3-cy9EqoaRYOBa2A47nk0-410T0FjznBAtZh-C3Aonk&cid=CAASEuRoaPxuqj7EEl1kPIb2HmbFQg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
d9005951796438b1f05bcb79d8a19047b702775ccd7b3e44b14aeac2eb95be1d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24238
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 3022
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1&C=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5p_-tATAB&v=APEucNWA02vWq6-v7muQghXJRyOCQOGT1XSjwq3VwPE7mxRkL2pr3FlTkiBLj2np5LWi4h7WOBxEGoqkUNcGwa_-2xz-6O3kow
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Oct 2021 11:12:13 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
308
Expires
Sat, 09 Oct 2021 11:12:13 GMT
rum
dsum-sec.casalemedia.com/ Frame 3022
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YWF5DY.PDzvwxI.lNx-09AAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1&google_hm=2
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5p_-tATAB&v=APEucNWA02vWq6-v7muQghXJRyOCQOGT1XSjwq3VwPE7mxRkL2pr3FlTkiBLj2np5LWi4h7WOBxEGoqkUNcGwa_-2xz-6O3kow
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Oct 2021 11:12:13 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBX7GKUpnamMXTQ0cFqG2KU&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 3022
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHz2cWjkpJzuCbuz4Bmw2aw&google_cver=1
43 B
1008 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHz2cWjkpJzuCbuz4Bmw2aw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5p_-tATAB&v=APEucNWA02vWq6-v7muQghXJRyOCQOGT1XSjwq3VwPE7mxRkL2pr3FlTkiBLj2np5LWi4h7WOBxEGoqkUNcGwa_-2xz-6O3kow
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
42ec6b1c-9782-4778-acd7-1301de0aaa4c
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHz2cWjkpJzuCbuz4Bmw2aw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3022
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM3MTcxMjk1NzgwMTE0NDk0OA%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM3MTcxMjk1NzgwMTE0NDk0OA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj5p_-tATAB&v=APEucNWA02vWq6-v7muQghXJRyOCQOGT1XSjwq3VwPE7mxRkL2pr3FlTkiBLj2np5LWi4h7WOBxEGoqkUNcGwa_-2xz-6O3kow
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
e2cb3335-af70-4094-8c21-5197571d25cf
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzM3MTcxMjk1NzgwMTE0NDk0OA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F87
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211006&jk=2265266584299941&bg=!0tGl0ZXNAAbGFvHlxhY7ACkAdvg8WpNKZGNSnZg5-MgOBwF0O9vdFkqLYjDWm1psT8IszhadrYz3NwIAAAC9UgAAAA5oAQeZAtsDFxWxrLWhoYUmDB2beUe8qplyewtOblcyJjc02Sd7sUGLY3HWgSOpF603M4fMtw01dRYPzImymz_YXsdkEiIL4onl-VtcdahNUbLXcgPxoRzj7nJzEFr3jd04gDSMPKBVd6dst9CSI7Vqpqa_BDFm0_lkxh80_g8oO8gsjq1U2pQ9g7X1PcsMvbYIG1PS6Nwi5ElejUYTRiYefWvksnffowCOjHwXcFfvfWuQPDYaPvmQjgGmtmumAcx5wSXU0fEPzkcE7tehvJWnqbE0XHj9vRbCuImw4JIu4-2h_xxhZr3q3-jUBEFtTPN2B793wzhuUKDQem15P--JOVbdB_9WMFx7q5JBSprEG1k0QNChXv1l2cMBBdqVC5Me7D8hG1TTwaZcluPkXa9YzEFQq6kpSY6fHesNymTW66XDT2oiJBv2OMXu5gKAJ14Ui1rmgfyugRzI2U3vdOHz1jZ-nRCm_NhU7SsjGF0CQ-fcYlJy2DqvsmglY4-56UinsStLiq7jM2_-9nTXdc46tAkvjgYWgfiblfqQQJk9lkm0tok5fpKJB3Vh-VXZB3L7NOi1vCBP2MaCG3JXSiltUBdjxkte3Bhbcglt7vx23AY0ZYUxZ1-QM4C2ty5CB71TX1QB0MlKjBC6eBS-SjXh2EvXw5uM5dszzX2b_9hfxmPuE2jB39ZO-xIvCFyWTIUGbXa-aclwnkwbTEcdt0q6qbj97ylbA-l7HEtM2DriHGg6uSvQoaWIs1BZO_zTMQv99-hUc9ydX0kJjDJzwycuXoDhJsBJcGGN368YIIfMUMZDFb8wOcm3FpD-u7viIIE9vDJyEFTFuQfCGxEA22D9ZhdoknnM9dG1F4HvhNn09QV_NGnP4LwHUSWy6_0M8in-axAsERHmzp_WMqZ0jo6ldsMdY6rzq91M9jnPFbtZ4FtWHY7NNu8jwK4QxMJWBw7pKZ1j3hic0n26iBtDD3orJQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B487
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211006&jk=4265722531479805&bg=!8_Cl8LTNAAbGFvHlxhY7ACkAdvg8WqH0A62lw-1iqEyR-NhpL_7SrFOzpU0JRaoixf8iItqSVTDiUgIAAACuUgAAAA5oAQeZAtw0mC5NVir22We-ATcDmnjzDGqtNNPg5zlstM1E7fCBMMyqvyRwuZxKFb62w-GbGsqwYQlqFjre2emZUIJnyHkcss188_aziPOIqb0IPxEAP-SFy_BNJ0y8bbmrUdYPnKnAWRV18KWqjtw-YSlPR0-uq4wLLvy3tYndpq6S2vAyL9xbVeNIGHjkEwP3ATcwnzEG-P8A32IHjTJDBU5-vEzwfXDKzthYTSQaZL7GbwpsNdyRHcR9jHqJMgVmEMbgxGgLrBXs1TA1kJvY96DOJ2Yiz3ReNruzjowe8soODrpbXO6Ipq4vE5pqMFDPMrBTWY-HtVUhDGsEcGuB7-g_oBgBAiJXr6H_Yxh0rhzxWTbZwP5yLmhDkJ7H9QrH51oeEsn3G8zFdHPeLareG9oczZuv2ACq5L1ewXpK2U--xLlm9khInGUmivjZgepG-WiImRbTi4xBNKRvIEGcT9ynxH5shNZH7TiuWk8dNrwfyVpG7sRrMghbPLvD9yzGsGJUMbFjV6Qki9na-hpODMKwv5ov5jYxsw2YYovcLXa0C-jTg9IiF_eIzY7SCaLon_WiqiIkITpIug7KmxCe3GHTNb20bpopl7pJXy4B93X_QNS6nNna-VYBcBYeBAUIJut67tAr6SXu23oxSv9hZzbPlLb4NdklUTlUChJ5-0QNfcgUJIKn-yFceVJ6uPcP-CdMdQs2nLrpJRGIIn_X0lZt4VWfHWD_Uu7OXqV5O56yjmJRZK28p7TjtyETRsb_ljEiAFNpn0hSx5fEARSmoYPdLQjLyxJ7a8ERDHREp_Ykd5DaG5pU1cRoieoLWCyTw32BJg1xiNplUOBv1ZYhNMeBlOi4PVEJ8jA5LC035T1xolErHy11pa-VSPs5-9XxdbqS2P-1asUqTNqXLXtCUglca7vdpB-JJs2r07GPWp3xu7SDsQ_BaW4xnP0ufvGdUoLv1R90P9vfcDkyywYMcZk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/ Frame 8B35
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C0LvVY1_rAkW0m2EGs2jcWr9gUy1Th4dWl9DV6MvfB61zDvt1aWVE4Dcr-EzzSw2C8_oeCTy6Hxv3LgZo5bPgReBW_KoVbcAzdOtDBYWAdQAP5RGZli3zEtFp9zcax53cuy9gY5mU8ECIRXar6GBwrP9rgTw&cry=1&dbm_d=AKAmf-AdFKVTingL5q3tcFQYt1o41rVSslBtA0K8or91uWs3LOABng8SE8rR10EdxW1oheDT6R8iCZ4Eayh-O5LWQNifBtTw6jXbmKtvSX63c6_bnbgQSR_imdHmO-gB2P6SH4UVAEcbzcckxazINUTpLO_YTUMezkjPAA-8jDVngc-XjhwpDaIYzGxm5lcmwRGbfkw3DAO3F1PfhCvEWjufjcDq5sbvPWvLaf0SnQQ4KDMwI3GTvX8N-TDn_TwwhzXDBcvh3-HdN0z1CXJm2Cvu9F1QC1R-Yh8SlwTyBo3X7QRaOhvydN4k6fJqxItLSGiGGLitSMO8r0qVnPzBCwXGEdoPPx8RAauHjrqQ12LhT9sbyiBGSrCIJDtMNKBuWYBt5HIsTn6piGp6wM765qZUwd7kBO6_N-PPJgMKEUkL3X093xhXF62lVjsfxy9Dz9TQSd5TzFrD3JgPbkNgadvKw-rUAYH9jZpc19PgcUZP45wv2YrghFzPoswszMjj4MdF8DIf1ELR_OQqX7jj4tnvgkVpntjvafT-qwj-cvZMP0ijtDK4T6oU9KzEf5iWYW2_I-awoGMgDcFEA6vIgS5DqfiJCflpXA6RkAsl0ahfI312eI4miYs-FlnYHOSQxjEFvJuJkbkZolZyaoFqb3bPaNWMOCn_0RWbbHtBn6IbF9DMAEKDVJlnbiZt4LH9LTZqVfmmh3ZG-IFmmxFz6t5ZQzfjtn3CvXnVa-9_5--qRzojPDqn9LISCVehE69RBud_A2C18ZEpJ828ZcHxKISvM0SjUg5yyslo76yXbGD947X4Sc5c8bPjy-F83p1s8y05bh4uRrO_Pl_BlQhFTXzPWGi4cKoDsRzEU2sTAH_rJi4SkIO4ThgrcEMmD8If6pZuJ5-Z4Dhud-04kVGn5iv3mlnMDMu0mSGGrJ9-03xS3VU7iOzEYlmXvhvSAbZw4F8V2ALj2e6zoq6Vbw5swbsa14_5AvypJsieozgoz390BXVNRA4QN7lClHO_LUwCGAhyJVM_qEtUbEsntdv_ZBx7VE7q51vNCfNRtnPxgESmpDAXp8FtVtJg6lQJME0fsKhoDJIG87sFctmuQ0oN3_tNp1wxiQxpIG15PMKql7E0OF7O-1Ke8LtuJ8YNHm4AeNJhxI_SrPsHDPOuf8bnpXX3IdpTVX-2uDvS0E1okts3K8dQ6ZoBsrj8tSfvLEHIiyGAVWY76ZiCVTFUnY9kFU6uX-Y9J8sJN-_TL7tQP3pCvrK6JgmT3jiJEtw4CjG7ldbWrWtIN8FG6USimM5m0IJJCs_1Tz8HE-KP9Uz8FY30PQe0Iv57tzR7EbiPEG3IHJMUc4TdTvcWsPLsbLlqckU9bEV3BebwN8yvjOmg-zTTOsxrqIWSDaxxRkrgcTrcwW-yPy6cTSvPOK3Z8X88xBVetwuRUF__8GF1BriomrS05vKgpvytFENhqAeVqjoaRtOrV6Uumxv_niCFDPW0M7zZXDOHwC3uIILyhYN3s6f3wkypbehqF8YM46at0uRUPAIn0ejUj0GXvqzG-QqnwnvaqWpikyBcDLqHrZaOUeJaeO3qKdIeip36xAokznxiU9tomLCzBgUt-zMGcQy9Hbji_Xo3g-bf3VadSlRvJop1KEQwDmaD1CLXW6m9sHC7FD20NOPvMyvyL0oeJLUmkNfDbfEdi57IG8fHXKXBcr-ybi4aTBwLsqGe9_cBcKEA8ohLoy2a78A1wwF2KvYZ8An6lzmPF_RMxSo-yzGFhKK
QHI44TcwCxUOTu27u_vQNppgBmUwik4kx0qIrWs5tqeUSe3-gbucdWpXhpOQ6sUp_vwYhfJFOQoJqsmDzJsav902gB6qv0H76VyWxjzGqlfSjWh34cBmwZyigobEIrnnMIqjcDqmuN4OH71FcDXhl2wn3wwkNWOmHraOPFSgtA8Bpl2IYhG2_63pZ-L3wdIW7iAS7lxkj_vjRxhxkExFTnaHqXj3_1e8zX4hGlJ-lsgKUk4EA1T2D5WyLcnKJ9PerFBhObpnKIPz6wcQFbhcIGOZg9k-4Dpknq3DTDBF5cRMUBpngn28FCYS6pD0WRMMnUGQFpsLaaJl6HdIXblExKgbZtR3KBu_oNZTFldEGyRvqLHcHQrqpRqGrlizF0Ko_kPmD3qLM0U80qpRYFJtcqRGlynz_Bnu-qEQDIrfzTU_Q3iRysM3XXFI4dm9gy-m75DMagbjYr3GaTcdedTvU4bVVzbUe3UKK-GkIoMRQo3JYtqiIlxMEBXZYCLlBsMCuD8zazTjHRLgoIMojWd4F76sek8PWQ56L3pMmVo_gQ-JOIRVZHtuZ4UCKxMvRcFPYvOYCLGGspRIO9RzWhATBO0MjyKM5k_lDeyoAmPueaM71czyMh-WxfUDuifhj9apyubusgNZc2EItWRMyix1LAkgf3p1-0AquK8ym_JAxCLMtwDlCnzZHDy6a813-wp1zUjgvlFHMajMrdTH2ziZSmaN1RJzPIbjHqMcy-CgvnJVzmkUpLYClT8HnYKYIJc_K0UoScBCoUscdEIMov5K5xD1X1BzAq6P6Iflx4WxHKQ6TB3ZH9_SzyI5UIKHT12hVFiUh6TbP_Lc0Ee-emy0O5_q0HqjLI7UScc7C3pjdGOU30kVkbogh_qMGqKX0E7UYeyFsh41E1DdkUPevCtzMYQUu4LM0E_6LqnXXn2wi_XBQ9Hu3v7eADvBq5yrOLSZm2ggMp0OWYHS_QF91pXExEnCR1NDL0Vv4FambUN0FcIZrZR829DVyXESyi20rlbpI9UvdJ6hUzpn8_xd-7dXGDALOau7Ttw7Qze5z6Yk6zrnBPKS15c1Krs1uTLb9pc-pqF_1t6YwoUwg2A4QAuZlSV9GE6PwTcSG3yaosiG-Bt-tv_ExFLhcKi3UlCCKwPv_4EnUa1eTcj7eX7Wzcs31BSCr1BhGWCotqU_dweqcQq-aU_CuBVFc4EymPvGiKYOak7DbhOb9RXOWVl5nmc02mBGBdFu_1SaS1JeIvdJuyuVeQTzzUB1tJbXxE25oT2SDhuDpP3nhPRJ6X5dp47Qtu3VwPCZQVxctJ3JvBWvqeENpJf8L6SCsvkiAlILB1OVuI4YxaoDp7x9AtNp53kNMdtaL48YDWgrFj58oheHtFWRCVwXPoSJ4ODEmp0aPiM-u52Jbk6TlkoZYH7kDM4C46plsv_rfqlzFcxiJZhLBT7gKrNf8PNZQVVAPr4wCkAO5ufi9pog3Q3F5MQb2FolsN8Cj4DxDBeEZJCKAPxctX9VbOsa6vz2ATPVJnR7wJQ1ZkpqCgikad7AqV4LoeNFwA2U8sOc9hnjsB-qBB4ZBBZuWOUODdxIGv5AGBHU8rC6-7ETmewmmf6XmjOjPxaizSuiNtMFu6_kD3-cy9EqoaRYOBa2A47nk0-410T0FjznBAtZh-C3Aonk&cid=CAASEuRoaPxuqj7EEl1kPIb2HmbFQg&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
0b4cc12ccd09adacbf7695b7ae68d146a6b9bfa7a2058dbd4e58f31c14ec5e7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:07:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
298
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9203
x-xss-protection
0
server
cafe
etag
15223966529599630443
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:07:15 GMT
6136666773518378460
s0.2mdn.net/simgad/ Frame 8B35
59 KB
60 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/6136666773518378460?sqp=-oaymwEOCKwCEPoBIAFIZFABWAE&rs=AOga4qkOYcB7Ovj8UNgSPG0k3heMILu7Kg
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f6.1e100.net
Software
sffe /
Resource Hash
2fcd0e2603ca36c04daed75f20f5b88c8667ee03864abdfc8d77467a46c9dda2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 14:47:47 GMT
x-content-type-options
nosniff
last-modified
Fri, 25 Jun 2021 02:39:57 GMT
server
sffe
age
505466
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60903
x-xss-protection
0
expires
Mon, 03 Oct 2022 14:47:47 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/elements/html/ Frame 8B35
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211006/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:09:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
174
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3128
x-xss-protection
0
server
cafe
etag
3658073882064373855
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Oct 2021 11:09:19 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 8B35
0
205 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssC8dea-kqMB2Wb79q6XHaq8eXZN59fzZivSUHaF8SE31TX_1noRl_l7DmMvImfxud2dqyURUgMOmBnpve_DIMMFu0h9xl1EJPLjPbzx15biMr4WOjlv2XOyk641NynruLpVl9QkyPChxuksP9jhBy2cXqWYP2YM09STNCHkXp8CHyYhb32zy2uR1uwUMCFC3gicU7bGJzPw2hdlHYybR_7pGtOQ__PPvWOIxywNEFwyC-o8_AaaF3f-RwLyKH4hr16t-3vcLOcQ_mzvGfiWM2am5xlU2m2kiV66iULjKMZkUXoa_WtAKVdMD8QMTJzRLJ2Tc1loKxwlTBuyqyHhlEI2fC0xopsX3gnvA_NRSC2W6-XZ8VZExvs3QraU_Q7L1gRWOgW8UWVfmA7gyT2GG-UwV7qXW1tXW9Mv6dwVmEqr9cBID3moAWhtH7YDRpgKTX1X6fUvlDK0Dz1Q_h5xDDVVLL5wX9oeTOoR63DgChoiw4DlsrwC9mdIQED41WOmjYVqgQUDDR2eefrpUQ-glftSS8ahdL7SzWAn_C6nNOBBo7nW2CQEAoYZLQj9vYv-ONSY_Exv1uAqCjqrVTOrVrjxnWDSemZHsF-PkSLmjOwL8H1xo8t403fXqWD7XkPlQz6QzzvUqC9s8d8RF3YaQxFG7VdIfpxwS78CSGirPaRaH6_I_OMlPt-CtqVnXwlmFHzcb_eaWxI0OsrbFGv_MGB3b1NaLMZ_y7mA2BXnIAoL-G4LmXM1TcwhQeIshGhFoV25Qrrn08Ya1IHvtExH2Qbob5LNxR5gOX-MFpnqiVWw7OE1M6vD7UKimL8OtFl76d8FzO_zrWuXpHOkZ0-WnTzze4pHjLM-RO1kyq7cOeLYq_yzD0CauTKM24wXKVUHGUjmJDjVnlaztv3qCvin-dVMKjW1R1Dm1ZCF1bC1p043Jw2DwnC4D4ckL9N2C1udWt01UREadaWSGWfU7JXTfuJ1eA4J-8TeOg-CvR7p69RoJUi52mGlH8HoIMbxGLdvo_uDEcmCIWFVOX4PlPo52nbp5qJNoBaLHul8en7qOu94YqXK5ddahDoE35Iq6xoIHFocedTRmLI-umaAa52wwtUbGlXblKVS_yNAUuTM4iDuIW88VWlUH1-pX_ql9830m2CD6Dfao2aFRM-3nJsqty1ien3lPHL&sai=AMfl-YSXpGxeCV-xnoHs3xNdyUJec9gcGaIY-_0QcDSYZrihRlQDcihgveSc72pwY89vSeOXCqV3WycyJdJMp99NodRdEgWOtYnWUiW2UYV0Sesu5RiIw5hrPbMGs3p3WF0Y2zF-SHVfwL49igxrEUj35hVLnV7tHQ&sig=Cg0ArKJSzIEXA4tZCGIREAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211006.64462&adurl=
Requested by
Host: googleads.g.doubleclick.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Sat, 09 Oct 2021 11:12:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 8B35
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 14:33:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
160736
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Fri, 07 Oct 2022 14:33:17 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame EAAD
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 08 Oct 2021 21:06:15 GMT
expires
Sat, 09 Oct 2021 21:06:15 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
50758
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 8B35
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ffbad83a7c56f557db072973401a9cc5380b314ca3b9abd42287a7b0d08d7959

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 45BD
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Thu, 07 Oct 2021 14:33:17 GMT
expires
Fri, 07 Oct 2022 14:33:17 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
160736
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
current
dclk-match.dotomi.com/match/bounce/ Frame EAAD
0
103 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHGTmx65F53-05LHzUiVxVE&google_cver=1&google_push=AYg5qPLbjEP2RxE0uBh3DDX7FZQqvavbkn3_EVpwO-mrJxIeedIy_QmudIfJ3AAQbSwnP12GWEoglZD80oyiZ-lqad7Ipq6TsQx_
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.207.16.137 Roydon, United Kingdom, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
ams03-usadmm.dotomi.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame EAAD
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEBgZidHqO8X34CXXHlZOoNk&google_cver=1&google_push=AYg5qPIt1qjv5WhKmi66zj4y8fUQVySh8JtfNhamCwz7E86A5x2bvDx9Kk_vr435n98lh3sFJwJYQUn43cZ9_HiahcKhHWG3nC4Y
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7C6872371FE240FEA532E713FA4DCE7A&google_push=AYg5qPIt1qjv5WhKmi66zj4y8fUQVySh8JtfNhamCwz7E86A5x2bvDx9Kk_vr435n98lh3sFJwJYQUn43cZ9_Hi...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7C6872371FE240FEA532E713FA4DCE7A&google_push=AYg5qPIt1qjv5WhKmi66zj4y8fUQVySh8JtfNhamCwz7E86A5x2bvDx9Kk_vr435n98lh3sFJwJYQUn43cZ9_HiahcKhHWG3nC4Y
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
server
openresty
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7C6872371FE240FEA532E713FA4DCE7A&google_push=AYg5qPIt1qjv5WhKmi66zj4y8fUQVySh8JtfNhamCwz7E86A5x2bvDx9Kk_vr435n98lh3sFJwJYQUn43cZ9_HiahcKhHWG3nC4Y
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Fri, 08 Oct 2021 11:12:13 GMT
gg_pixel
sync.adaptv.advertising.com/ Frame EAAD
14 B
14 B
Image
General
Full URL
https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESEMLIJQTTyhgfLWSxJ-Ph4gU&google_cver=1&google_push=AYg5qPIVMvb-OW0e0HKvSRaB2G3I46zqIh0iJymhdDg8p9jeZpunjwtW18CW9TrAExYDXuGa-xW_ifCqkjI1kLWyWu6oMcfHm2tr
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.159.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-159-188.compute-1.amazonaws.com
Software
ribs2.0 /
Resource Hash
0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Server
ribs2.0
Connection
keep-alive
Content-Length
14
Content-Type
text/plain
sync
dsp.adkernel.com/ Frame EAAD
42 B
233 B
Image
General
Full URL
https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESENtzgj1KAfJbCwZP593E3C0&google_cver=1&google_push=AYg5qPIsk63wLqmXd27NIgVODdglxJPjysghs3v1owAaH4b-1f6RSDky1mNGcr2KYi4K4dj8u8UZSCrekkS3_Jdk2uUMcFOXAaq7
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
pixel
cm.g.doubleclick.net/ Frame EAAD
Redirect Chain
  • https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESECMt4eS_nE8QAOxhnQrvTDQ&google_cver=1&google_push=AYg5qPKEsJzeeUql3Ywp9KO199Xgz_KRHHq_1qoY0lfOwpG0xI8Rk1V3xbrRuJvPwj0W-IrkcUn1Br-4_-VB5tlzqFR8H...
  • https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=MDgyMzY5ZTQtYjcxMS00MTU0LWI1MzMtYmE0NjNhZTY1Yzdi&google_push=AYg5qPKEsJzeeUql3Ywp9KO199Xgz_KRHHq_1qoY0lfOwpG0xI8Rk1V3xbrRuJvPw...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=MDgyMzY5ZTQtYjcxMS00MTU0LWI1MzMtYmE0NjNhZTY1Yzdi&google_push=AYg5qPKEsJzeeUql3Ywp9KO199Xgz_KRHHq_1qoY0lfOwpG0xI8Rk1V3xbrRuJvPwj0W-IrkcUn1Br-4_-VB5tlzqFR8HqjwiRHplw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 09 Oct 2021 11:12:13 GMT
x-route
http://upstream_cookiesync
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=MDgyMzY5ZTQtYjcxMS00MTU0LWI1MzMtYmE0NjNhZTY1Yzdi&google_push=AYg5qPKEsJzeeUql3Ywp9KO199Xgz_KRHHq_1qoY0lfOwpG0xI8Rk1V3xbrRuJvPwj0W-IrkcUn1Br-4_-VB5tlzqFR8HqjwiRHplw
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true, true
x-host
192.168.152.32
access-control-allow-headers
authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame EAAD
Redirect Chain
  • https://sm.rtb.mts.ru/p?ssp=googlevid&pm=1&google_gid=CAESEJczlfRcaBJnzTzitL1I2x4&google_cver=1&google_push=AYg5qPKKhhVdrQzf1lH_nh7Do6DoFbDJuRUmOGxmbohm5zlUi69z7E_-Yog0hWoRqxEKoZLGN8pJr07V6QEEsSasj...
  • https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3Dedea10d5-3ca0-4399-ac93-425306be5fef%26google_push%3DAYg5qPKKhhVdrQzf1lH_nh7Do6DoF...
  • https://tech.rtb.mts.ru/?dsp_uid=edea10d5-3ca0-4399-ac93-425306be5fef&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc_2%26id%3Dedea10d5-3ca0-4399-ac93-425306be5fef%2...
  • https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=edea10d5-3ca0-4399-ac93-425306be5fef&google_push=AYg5qPKKhhVdrQzf1lH_nh7Do6DoFbDJuRUmOGxmbohm5zlUi69z7E_-Yog0hWoRqxEKoZLGN8pJr07V6QEEsS...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=edea10d5-3ca0-4399-ac93-425306be5fef&google_push=AYg5qPKKhhVdrQzf1lH_nh7Do6DoFbDJuRUmOGxmbohm5zlUi69z7E_-Yog0hWoRqxEKoZLGN8pJr07V6QEEsSasjJm3dyG_z617YA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Sat, 09 Oct 2021 11:12:14 GMT
Server
nginx/1.13.12
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc_2&id=edea10d5-3ca0-4399-ac93-425306be5fef&google_push=AYg5qPKKhhVdrQzf1lH_nh7Do6DoFbDJuRUmOGxmbohm5zlUi69z7E_-Yog0hWoRqxEKoZLGN8pJr07V6QEEsSasjJm3dyG_z617YA
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
pixel
cm.g.doubleclick.net/ Frame EAAD
Redirect Chain
  • https://ads.avads.net/sync/ggl?google_gid=CAESEIJ-liGgV4wg2luE_3qfMGI&google_cver=1&google_push=AYg5qPLaOF-DiJFywz2Hk1CFGamsI7IsBdzzcgse92lD81rIs3BtvkOxrw7dxmpt7DY1bUmXRNoh4r8UbllLKbziWEyyV_an26flMQ
  • https://ads.avads.net/sync/ggl?google_gid=CAESEIJ-liGgV4wg2luE_3qfMGI&google_cver=1&google_push=AYg5qPLaOF-DiJFywz2Hk1CFGamsI7IsBdzzcgse92lD81rIs3BtvkOxrw7dxmpt7DY1bUmXRNoh4r8UbllLKbziWEyyV_an26flM...
  • https://ads.avads.net/sync/ggl?google_gid=CAESEIJ-liGgV4wg2luE_3qfMGI&google_cver=1&google_push=AYg5qPLaOF-DiJFywz2Hk1CFGamsI7IsBdzzcgse92lD81rIs3BtvkOxrw7dxmpt7DY1bUmXRNoh4r8UbllLKbziWEyyV_an26flMQ
  • https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MGVjYTVmNzMtYTc1MS00Nzg3LWI2M2ItYWU1NGNkMGIyMjBj&google_push=AYg5qPLaOF-DiJFywz2Hk1CFGamsI7IsBdzzcgse92lD81rIs3BtvkOxrw7dxmpt7DY1bUm...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MGVjYTVmNzMtYTc1MS00Nzg3LWI2M2ItYWU1NGNkMGIyMjBj&google_push=AYg5qPLaOF-DiJFywz2Hk1CFGamsI7IsBdzzcgse92lD81rIs3BtvkOxrw7dxmpt7DY1bUmXRNoh4r8UbllLKbziWEyyV_an26flMQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MGVjYTVmNzMtYTc1MS00Nzg3LWI2M2ItYWU1NGNkMGIyMjBj&google_push=AYg5qPLaOF-DiJFywz2Hk1CFGamsI7IsBdzzcgse92lD81rIs3BtvkOxrw7dxmpt7DY1bUmXRNoh4r8UbllLKbziWEyyV_an26flMQ
date
Sat, 09 Oct 2021 11:12:13 GMT
x-envoy-upstream-service-time
3
server
istio-envoy
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame EAAD
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Leu0na_58PtnFNokpY05H6uYOCLR9W7a4594qM1tqbz33bnSOhzq3kSiUjzsz9-fnVpJYl4Fl-
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745095&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1633777933&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932130&bpp=8&bdt=56&idt=942&shv=r20211006&mjsv=m202110060101&ptt=5&saldr=sa&cookie=ID%3D196d8e7f801c5845-22092b89e7ca00d9%3AT%3D1633777932%3ART%3D1633777932%3AS%3DALNI_MZ43NaiwjCjOep31Py9jmYXJBET-w&correlator=4075843604342&frm=21&ife=1&pv=1&ga_vid=1026516623.1633777931&ga_sid=1633777933&ga_hid=1671679630&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=320&ady=2414&biw=1600&bih=1200&isw=300&ish=250&ifk=2721514989&scr_x=0&scr_y=0&eid=31063076%2C31062930&oid=2&pvsid=2428993641080329&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.6wt58ugvvb33&btvi=1&fsb=1&xpc=9qlfgNbbVz&p=https%3A//securityaffairs.co&dtd=970
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
pagead2.googlesyndication.com/bg/ Frame 45BD
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 20:38:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
311648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13306
x-xss-protection
0
last-modified
Tue, 05 Oct 2021 11:38:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Wed, 05 Oct 2022 20:38:05 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 8B35
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssC8dea-kqMB2Wb79q6XHaq8eXZN59fzZivSUHaF8SE31TX_1noRl_l7DmMvImfxud2dqyURUgMOmBnpve_DIMMFu0h9xl1EJPLjPbzx15biMr4WOjlv2XOyk641NynruLpVl9QkyPChxuksP9jhBy2cXqWYP2YM09STNCHkXp8CHyYhb32zy2uR1uwUMCFC3gicU7bGJzPw2hdlHYybR_7pGtOQ__PPvWOIxywNEFwyC-o8_AaaF3f-RwLyKH4hr16t-3vcLOcQ_mzvGfiWM2am5xlU2m2kiV66iULjKMZkUXoa_WtAKVdMD8QMTJzRLJ2Tc1loKxwlTBuyqyHhlEI2fC0xopsX3gnvA_NRSC2W6-XZ8VZExvs3QraU_Q7L1gRWOgW8UWVfmA7gyT2GG-UwV7qXW1tXW9Mv6dwVmEqr9cBID3moAWhtH7YDRpgKTX1X6fUvlDK0Dz1Q_h5xDDVVLL5wX9oeTOoR63DgChoiw4DlsrwC9mdIQED41WOmjYVqgQUDDR2eefrpUQ-glftSS8ahdL7SzWAn_C6nNOBBo7nW2CQEAoYZLQj9vYv-ONSY_Exv1uAqCjqrVTOrVrjxnWDSemZHsF-PkSLmjOwL8H1xo8t403fXqWD7XkPlQz6QzzvUqC9s8d8RF3YaQxFG7VdIfpxwS78CSGirPaRaH6_I_OMlPt-CtqVnXwlmFHzcb_eaWxI0OsrbFGv_MGB3b1NaLMZ_y7mA2BXnIAoL-G4LmXM1TcwhQeIshGhFoV25Qrrn08Ya1IHvtExH2Qbob5LNxR5gOX-MFpnqiVWw7OE1M6vD7UKimL8OtFl76d8FzO_zrWuXpHOkZ0-WnTzze4pHjLM-RO1kyq7cOeLYq_yzD0CauTKM24wXKVUHGUjmJDjVnlaztv3qCvin-dVMKjW1R1Dm1ZCF1bC1p043Jw2DwnC4D4ckL9N2C1udWt01UREadaWSGWfU7JXTfuJ1eA4J-8TeOg-CvR7p69RoJUi52mGlH8HoIMbxGLdvo_uDEcmCIWFVOX4PlPo52nbp5qJNoBaLHul8en7qOu94YqXK5ddahDoE35Iq6xoIHFocedTRmLI-umaAa52wwtUbGlXblKVS_yNAUuTM4iDuIW88VWlUH1-pX_ql9830m2CD6Dfao2aFRM-3nJsqty1ien3lPHL&sai=AMfl-YSXpGxeCV-xnoHs3xNdyUJec9gcGaIY-_0QcDSYZrihRlQDcihgveSc72pwY89vSeOXCqV3WycyJdJMp99NodRdEgWOtYnWUiW2UYV0Sesu5RiIw5hrPbMGs3p3WF0Y2zF-SHVfwL49igxrEUj35hVLnV7tHQ&sig=Cg0ArKJSzIEXA4tZCGIREAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=105&vt=11&dtpt=104&dett=2&cstd=0&cisv=r20211006.64462&adurl=
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame D313
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211006&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
3be20fd654a2b6610d02720ce62a5bb1ebe2d502ae17050c60101bcca5924ef7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8608
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame B2A2
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CmJioDHlhYYGjEML5-gav4JCQBrf2i6Zl1ZCytqwOyK2VmEMQASCjh5YeYMkGoAHzoc-3AcgBAqgDAaoElAJP0LgtjWoax8ZSJjZsGluqdeajk4v3IrtvEbKVZA_EHXWcI0gpKSZ2RFCnEb-D6onwXoxTb0WU-zgDGVs4L3IdPRhE0MO-daZ-ENJTg52m6vM_womlWclgj8vK8vEGeBWNbNPd991g-B9sW-ZXHmp8Nea5rbOzmJ7SU4ikpBfzjWP71aBlWNWgd0ITatbPnTpi569vMT8ODBmeJ7WtL_oBWZFmmtAXHqbH3n-H80_tIiVjMKBnoyrin4YGbs9ihIDtz0E_SDGJ6Z3vuELaj_w1Sfn5ZHsupaM71px7strq6tTyD8lLw-mHF14e_e5JQ-4i9zUXUJ26MNMlOWKLRSN713jg0K3P8OZuxA6za136N3DKUxHABJG12o7lA6AGAoAH9d2wyAKoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHAdIIBwiAYRABGF2xCdSFU5i87Mz5gAoDmAsByAsBuAwB2BMD0BUBgBcB&sigh=4yQmaqhe6Mo&vt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696190&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1633777932&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F123136%2Fmalware%2Fcox-media-group-ransomware.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcox-media-group-ransomware&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633777932085&bpp=13&bdt=69&idt=101&shv=r20211006&mjsv=m202110070201&ptt=5&saldr=sa&correlator=4075843604342&frm=21&ife=1&pv=2&ga_vid=1026516623.1633777931&ga_sid=1633777932&ga_hid=448423975&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1965715624&scr_x=0&scr_y=0&eid=31062938%2C31062944%2C31063089%2C31063103&oid=2&pvsid=2265266584299941&pem=686&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13muzde6ulen&fsb=1&xpc=z3kiqxzK3Y&p=https%3A//securityaffairs.co&dtd=117
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 09 Oct 2021 11:12:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
activeview
pagead2.googlesyndication.com/pcs/ Frame B2A2
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsui-MTn3aFKlI0l6AD1ECzhO32vuh0LBTb1n2hAWiLNxkiYCaGmkA9lm0Dr73ZroNwvlMZHSttY1QjLj_mq4NFaHZLQSjMONlsRnovyKhOalfKAiRc&sai=AMfl-YR2nqA_K_qxlP6QIfn6mkwgQTZHSFwgR0DdP3T0ajIxqAomHyx_TabAijPmrleSYtCAO_6IwAXys9za&sig=Cg0ArKJSzKlnX5fvRQayEAE&id=lidar2&mcvt=1012&p=0,0,41,320&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20211006&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633777932204&rpt=582&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D313
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 09 Oct 2021 11:12:13 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame DCAE
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 08 Oct 2021 20:51:41 GMT
expires
Sat, 08 Oct 2022 20:51:41 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
51632
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8F7A
783 B
536 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
GSE /
Resource Hash
9b32cdf86e12b083f607d3034c381660c9df5ee7a1d00ff1e520a23f45f52d4e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3U9QUfxNr17ScqNg3LmJ2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://securityaffairs.co/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 09 Oct 2021 11:12:13 GMT
date
Sat, 09 Oct 2021 11:12:13 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-3U9QUfxNr17ScqNg3LmJ2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/pagead/ Frame 8F7A
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211006&jk=2428993641080329&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
pagead2.googlesyndication.com/bg/ Frame DCAE
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Op0h1o4bLATv4Gekw87wLIhuIhk3mUgQ1PXLVSVUXpk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
sffe /
Resource Hash
3a9d21d68e1b2c04efe067a4c3cef02c886e221937994810d4f5cb5525545e99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 20:38:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
311648
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13306
x-xss-protection
0
last-modified
Tue, 05 Oct 2021 11:38:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Wed, 05 Oct 2022 20:38:05 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 45BD
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bn2n5DXlhYeCZJuuM3gOJ9JyQBQAAAAA4AeAEAg&bg=!xsWlxYHNAAbGFvHlxhY7ACkAdvg8WtPd7Axi_wlQbw2szGYBBfIQrsNjkPTzUeQjwjgo4qi96OtwXgIAAABgUgAAAAloAQeZAyWVIdzO8gBHAJ03vy9QUE3-6CSDQJs7Hi5o5AtfqLppCEbzyB8wGaMEzVG7XWBbveDg0_EO7TGPl57kl0HsrjMREBfH2O87IGPUfExS2ebxa57QOImUZ0bFQJ8Z5-zkWS6zHlf9iVSGe6hvF1DcvB3MiNbc6KQduYcG8-unPx3k5maaRvDW3UgJs2uRj9cQRo9jyz8IipYXTN_LOG3ebtpxlLaCTMdMZanzw0NlE6HPcNH1sYAloQ6XYa0Fir5z8rRFQz1717q3WDp1kJ-YEh-GlBVifCVxUicgN0gYkujmKmTH5V8QobJYT0g6AaGmzNcknNlIx0y45WXODfZY-60hsPbl2RLwTBw6bWHd_b5VGG0cUcqCTUnYryyCatOUPU2fP8-rl5ioaKR3phK3aDfqM56nEAS1vsg6HQHHQRv4uyPgddO-9lm6-Fvbos639YdrisSQaQblypJiPm47cUY8TVzdCSh1-ghgQdD76lwFWQcb567Kx6kTypdVeqvm7MW4SokOoJGT0p6Ykc6NggpMWtV8QcrgUq02CpYooXvwVjxLRRAcr6-vQn__LnOS_YHvwIVeL24TeN4r2BLRKUQVBaCTlU3thYHrIWt9FZrOb12vugao1cWlGcBEJqdaIUHSyRLtylIo_MLdlnuhS59y2toHGcatykU3IpgJBDpGrMSc0WAbnwS7yUJa2eJXCBpiGXCVYQmr_G4miFuyl9KvXOWh7nCcLbFElb8VQ9G3OUvAD93VtWdkvRx9keQTxQZATzoPnPbFu_k-roj8tsNBJweB4V28bOQTSPdsgJizeYw0UIXa4-v4LOko8jz3DLib5ZJJhBlH4z0oYLjD41n2MVDV6QR2EWcRI52VowitgAPZQpAOz5XxBA120z-T2-8oOnPz3yJ_ler4UXt7CMf2Gtr6YlZa4oOvteGcHF-ySrtVlpTvuAH6UnwUjfMi5bnzYufICW9zCf2gfQie7SWcqtyw1wfblYEwCjZAVM_KE2K2GybdWKFN5awDitgh4L8pOX_YhdxYMhyEGcbkwwQO0v9wtkPGAgVIFcyjxqCQycETdeY5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame FE7E
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
32d910d4-9c77-4cc6-b575-b27b32a895a6
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame E3E8
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:13 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
ad18ad9c-5751-43e2-aa9b-e9d125088346
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 506B
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:14 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f96fd4a4-a839-4a80-a61b-bc89ccbd9605
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 544A
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Oct 2021 11:12:14 GMT
X-Proxy-Origin
216.131.114.222; 216.131.114.222; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
445ed906-d1fe-4bf6-b9ef-d6825bb61cb0
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D313
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211006&jk=2428993641080329&bg=!oKOlo-fNAAbGFvHlxhY7ACkAdvg8WnKt2aNO1dRayd5nBbEx2f9MQqAHfqa7uXkBHW2qTCae6BuW_gIAAABTUgAAAApoAQeZAsw9eKJhcnazVgMHGzBVIfbE6LsCZvq6NClASY6_gGsEV4l01Y6oes480AV5rUcG4M-LDwN6I3QpaPaqvAKg8k5Ug1kspXXM2skkt8Z0Kkw_NsG413CwQX5AH0Ol6kV0deOVHmPu-eLeYMnifAZYQzg1FEvZbXWmHhDGUd-7ryECtNxQ174GmSfPgbPQ2L17_W6kb313mXEO83hKeO4igELx_uW4byca8t2Oh5fvSea3XOZortw6aWqy0noEpndCQSf2VjOwFVOckNk6q9CFwtVQogcCUsQE4ka1NCEgVfQ7zjukumwG7rzIJqDAZ-9hSV4JH7ZKZy_Qs5Qxd5Ei9Fk_AfEWFIw6k2LqpoY_yDcsC85pTSdig3-Jf14Ygs9_Zr7srqKELh23Jac7v1fonc5gRBfNFeAP-nHIGzxFVMGhAnPljf8P3W2X1fFB468d4e_hRNMiwBKZ2ykQJZVe2dQlho6k6T01LEL7cgZrMpEM9JuXrhiqFG1nvEL9Fv5GkrpywPyezeD9-tsDKKhRVWnv7Obs3FeRebRKi-3TpAI7gfdpx7ywd_Sxo_ZzSKQdtEXfDZ2P8kDFpRoKBeB7m9uox9Ig0wjAJpPyem0B_J01s2Uh9meip4gXWZQ4MOwPl6itxZPSNZonvfX8APf6c7YDTa0H3PB9xCrKCmMbVU1P-sPJf_Y6LqWMa_5W1rGeXGbHG8WKPtJO9tMQM5KXi12SLoFC6tiXFNeUG7kt2HzMIt1Z5CDnGjQ-vHH3aFGn9fC1PdQE3i_CAjyQOPC10iv8_gvlBatXr5jReIsirn5I40CAmxYHqX68ho3JZOMzc73-t2ZUU0IJsMnxw2Wo9JCUfiQTy03iEg5i-TlL8qVDVIYGrb7OZ_FIUMA_-P0Qk_iWw0CWmmg2yN8Ak1Ws38If5tyJvE97Ahp7fQ1TcDAAmMzHm5EL6dY_2_0mHw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/
0
309 B
XHR
General
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Oct 2021 11:12:14 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Oct 2021 11:12:14 GMT
728x90.png
cdn.pixfuture.com/banners/ Frame 6F1B
25 KB
25 KB
Image
General
Full URL
https://cdn.pixfuture.com/banners/728x90.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.10.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59068deda373c6a739af2691cf79f8085aa80bc17e6e1169754b7b825e0e6c85

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:14 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
57657
content-length
25711
last-modified
Wed, 03 Feb 2021 20:44:44 GMT
server
cloudflare
etag
"601b0b3c-646f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yLs849wkyL%2F79vsi7vdwCUXmbBGpKqyfyl95dbYwMyGxr8Yx%2Bu5ULNHzhiyy41Bttw8wXnLNhev0SoITerrsdUratvCcs5oryskSGhIUit2nmH8k0mFO8fENUW9zkXiFEfPV"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2678400, no-transform
accept-ranges
bytes
cf-ray
69b72c385a26410e-PRG
expires
Sun, 10 Oct 2021 18:32:43 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 5191
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 11:12:14 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110060101/show_ads_impl_fy2019.js?bust=31063076

Verdicts & Comments

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| onbeforexrselect boolean| originAgentCluster string| em_version boolean| em_track_user string| em_no_track_reason object| disableStrs function| __gtagTrackerIsOptedOut undefined| index function| __gtagTrackerOptout function| gaOptout function| __gtagDataLayer function| __gtagTracker object| dataLayer object| ExactMetricsDualTracker function| gtag function| __gaTracker object| _wpemojiSettings object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| exactmetrics_frontend function| ExactMetrics object| ExactMetricsObject undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion string| refQuery object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ boolean| cli_flush_cache object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| wp object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq function| st_go function| linktracker_init object| wpcom object| FB string| currentText 
string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| twemoji object| gaplugins object| gaGlobal object| gaData object| _mN object| _mNSrv function| setup string| _mN_Idf number| _mN_ctr string| _mN_ctrM object| mnjs object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE object| _mNadPrvLog object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture boolean| isPending string| prebid_file function| findCMP_PixFuture function| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| googletag

104 Cookies


10 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware(Line 511)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware(Line 512)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware(Line 513)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware(Line 514)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=4e9fb397a60a1f94ccb51524dee6bbf2'. This request has been blocked; the content must be served over HTTPS.
network error URL: https://aa.agkn.com/adscores/r.js?sid=9112309848
Message:
Failed to load resource: the server responded with a status of 400 ()
javascript error URL: https://securityaffairs.co/wordpress/123136/malware/cox-media-group-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=cox-media-group-ransomware
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
deprecation warning
Message:
'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
network error URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESEMLIJQTTyhgfLWSxJ-Ph4gU&google_cver=1&google_push=AYg5qPIVMvb-OW0e0HKvSRaB2G3I46zqIh0iJymhdDg8p9jeZpunjwtW18CW9TrAExYDXuGa-xW_ifCqkjI1kLWyWu6oMcfHm2tr
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
