URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-j...
Submission: On April 15 via manual from US — Scanned from US

Summary

This website contacted 90 IPs in 7 countries across 87 domains to perform 528 HTTP transactions. The main IP is 2606:4700:3033::ac43:be7c, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cpomagazine.com. The Cisco Umbrella rank of the primary domain is 562550.
TLS certificate: Issued by GTS CA 1P5 on March 14th 2023. Valid for: 3 months.
This is the only time www.cpomagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects (when present) Requests IP Address AS Autonomous System
1 47 2606:4700:303... 13335 (CLOUDFLAR...)
4 2600:3c03:1::... 63949 (AKAMAI-AP...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2607:f8b0:400... 15169 (GOOGLE)
1 2600:9000:20e... 16509 (AMAZON-02)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2620:116:800b... 14618 (AMAZON-AES)
1 2600:9000:24d... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:21d... 16509 (AMAZON-02)
13 35.186.236.140 15169 (GOOGLE)
1 2607:f8b0:402... 15169 (GOOGLE)
3 107.20.74.88 14618 (AMAZON-AES)
2 2606:4700:440... 13335 (CLOUDFLAR...)
34 2607:f8b0:402... 15169 (GOOGLE)
3 18.161.23.84 16509 (AMAZON-02)
1 13.33.4.31 16509 (AMAZON-02)
1 104.18.11.47 13335 (CLOUDFLAR...)
1 141.95.98.65 16276 (OVH)
34 34.236.83.94 14618 (AMAZON-AES)
9 159.89.246.130 14061 (DIGITALOC...)
9 34.107.148.139 396982 (GOOGLE-CL...)
9 45.77.203.141 20473 (AS-CHOOPA)
9 195.244.31.11 63140 (IGUANA-WO...)
10 104.18.24.185 13335 (CLOUDFLAR...)
8 17 68.67.179.153 29990 (ASN-APPNEX)
2 14 145.40.88.5 54825 (PACKET)
18 18.235.206.17 14618 (AMAZON-AES)
9 104.36.115.111 62713 (AS-PUBMATIC)
9 69.166.1.14 27630 (AS-XFERNET)
9 2602:803:c002... 26667 (RUBICONPR...)
1 16 3.214.100.121 14618 (AMAZON-AES)
1 13 23.92.190.68 10913 (INTERNAP-BLK)
10 12 52.223.40.198 16509 (AMAZON-02)
1 34.120.155.137 396982 (GOOGLE-CL...)
1 18.161.34.99 16509 (AMAZON-02)
1 13.226.39.123 16509 (AMAZON-02)
2 18.161.34.46 16509 (AMAZON-02)
9 18.161.39.198 16509 (AMAZON-02)
2 18.235.185.19 14618 (AMAZON-AES)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 162.19.138.82 16276 (OVH)
3 2001:4860:480... 15169 (GOOGLE)
2 23 52.46.151.131 16509 (AMAZON-02)
6 2607:f8b0:402... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
23 2607:f8b0:402... 15169 (GOOGLE)
36 42 162.19.138.118 16276 (OVH)
1 1 35.214.153.92 15169 (GOOGLE)
8 8 199.127.204.142 26120 (RHYTHMONE)
3 3 2620:112:f002... 6336 (TURN-US-ASN)
1 4 96.16.24.29 16625 (AKAMAI-AS)
12 12 52.86.227.251 14618 (AMAZON-AES)
1 1 2600:9000:220... 16509 (AMAZON-02)
1 51.222.39.186 16276 (OVH)
2 2 35.194.66.159 396982 (GOOGLE-CL...)
3 11 192.40.39.223 27381 (CASALE-MEDIA)
3 6 34.98.64.218 396982 (GOOGLE-CL...)
1 1 199.187.193.177 47043 (SMARTADSE...)
5 10 3.220.4.20 14618 (AMAZON-AES)
1 34.205.97.218 14618 (AMAZON-AES)
4 104.107.5.93 16625 (AKAMAI-AS)
2 3 52.223.22.214 16509 (AMAZON-02)
6 2607:f8b0:400... 15169 (GOOGLE)
4 4 207.198.113.88 13768 (COGECO-PEER1)
2 3 44.206.197.88 14618 (AMAZON-AES)
6 7 34.111.113.62 396982 (GOOGLE-CL...)
7 12 63.251.114.136 32475 (SINGLEHOP...)
5 5 198.148.27.140 19189 (PULSEPOINT)
2 2 35.207.24.140 15169 (GOOGLE)
2 2 68.67.160.184 29990 (ASN-APPNEX)
1 20 54.87.127.173 14618 (AMAZON-AES)
12 12 35.211.178.172 15169 (GOOGLE)
1 1 35.190.90.30 15169 (GOOGLE)
3 3 70.42.32.191 13789 (INTERNAP-...)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 1 52.2.156.62 14618 (AMAZON-AES)
2 5 2600:1f18:4e9... 14618 (AMAZON-AES)
4 4 54.84.32.213 14618 (AMAZON-AES)
2 2 2603:c020:400... 31898 (ORACLE-BM...)
1 169.197.150.7 398989 (DEEPINTENT)
2 2 70.42.32.159 13789 (INTERNAP-...)
1 1 96.17.64.208 16625 (AKAMAI-AS)
6 6 52.87.143.191 14618 (AMAZON-AES)
2 2 199.187.193.197 47043 (SMARTADSE...)
7 7 74.121.140.14 30419 (MEDIAMATH...)
1 174.137.133.32 27257 (WEBAIR-IN...)
2 3 151.101.194.49 54113 (FASTLY)
13 17 172.217.13.162 15169 (GOOGLE)
2 96.16.25.21 16625 (AKAMAI-AS)
1 1 124.146.215.47 2514 (INFOSPHER...)
1 1 80.77.87.163 46636 (NATCOWEB)
2 2 185.184.8.90 204995 (RTB-HOUSE...)
1 1 72.247.65.83 16625 (AKAMAI-AS)
9 2607:f8b0:400... 15169 (GOOGLE)
11 14 69.173.151.100 26667 (RUBICONPR...)
1 1 192.132.33.46 18568 (BIDTELLECT)
2 2 173.231.184.20 32475 (SINGLEHOP...)
3 3 3.225.218.10 14618 (AMAZON-AES)
1 1 34.96.71.22 396982 (GOOGLE-CL...)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 52.94.220.185 16509 (AMAZON-02)
1 2 104.36.115.113 62713 (AS-PUBMATIC)
4 162.248.18.37 62713 (AS-PUBMATIC)
1 2 3.229.9.249 14618 (AMAZON-AES)
2 4 8.28.7.83 62713 (AS-PUBMATIC)
2 8.28.7.84 62713 (AS-PUBMATIC)
2 7 69.166.1.12 27630 (AS-XFERNET)
4 4 178.250.7.11 44788 (ASN-CRITE...)
4 4 2606:ae80:147... 25751 (VALUECLICK)
2 2 52.3.16.139 14618 (AMAZON-AES)
2 2 96.46.183.20 7979 (SERVERS-COM)
2 173.223.56.26 16625 (AKAMAI-AS)
2 2 74.119.119.150 19750 (AS-CRITEO)
1 1 199.38.167.130 54312 (ROCKETFUEL)
2 3 162.248.18.32 62713 (AS-PUBMATIC)
2 2 35.210.53.219 ()
4 5 137.184.100.7 14061 (DIGITALOC...)
13 52.55.204.172 ()
4 2607:f8b0:400... ()
1 54.197.171.49 ()
1 75.2.13.80 ()
528 90
Apex Domain / Subdomains / Transfer
47 cpomagazine.com
www.cpomagazine.com — Cisco Umbrella Rank: 562550
598 KB
46 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 80
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
cm.g.doubleclick.net — Cisco Umbrella Rank: 220
googleads.g.doubleclick.net
361 KB
44 id5-sync.com
api.id5-sync.com — Cisco Umbrella Rank: 24343
cdn.id5-sync.com — Cisco Umbrella Rank: 892
id5-sync.com — Cisco Umbrella Rank: 443
85 KB
42 yahoo.com
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1092
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 449
ups.analytics.yahoo.com — Cisco Umbrella Rank: 296
11 KB
38 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1495
rtb.gumgum.com — Cisco Umbrella Rank: 1683
usersync.gumgum.com — Cisco Umbrella Rank: 1803
20 KB
37 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 105
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 138
1 MB
36 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 310
aax.amazon-adsystem.com — Cisco Umbrella Rank: 408
s.amazon-adsystem.com — Cisco Umbrella Rank: 292
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1043
87 KB
28 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 478
eus.rubiconproject.com — Cisco Umbrella Rank: 575
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1064
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1063
pixel.rubiconproject.com — Cisco Umbrella Rank: 351
token.rubiconproject.com — Cisco Umbrella Rank: 569
36 KB
26 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 498
ads.pubmatic.com — Cisco Umbrella Rank: 510
image6.pubmatic.com — Cisco Umbrella Rank: 758
image2.pubmatic.com — Cisco Umbrella Rank: 893
simage2.pubmatic.com — Cisco Umbrella Rank: 692
image4.pubmatic.com — Cisco Umbrella Rank: 956
image8.pubmatic.com — Cisco Umbrella Rank: 648
simage4.pubmatic.com — Cisco Umbrella Rank: 1230
17 KB
25 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 623
ce.lijit.com — Cisco Umbrella Rank: 865
29 KB
23 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 550
btlr.sharethrough.com
17 KB
21 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 527
as-sec.casalemedia.com — Cisco Umbrella Rank: 1647
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 458
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 553
dsum.casalemedia.com Failed
14 KB
19 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 227
secure.adnxs.com — Cisco Umbrella Rank: 424
19 KB
17 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 672
sync-amz.ads.yieldmo.com — Cisco Umbrella Rank: 5196
8 KB
17 monu.delivery
monu.delivery — Cisco Umbrella Rank: 24828
imps.monu.delivery — Cisco Umbrella Rank: 30747
166 KB
16 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1550
sync.go.sonobi.com — Cisco Umbrella Rank: 882
29 KB
15 media.net
prebid.media.net — Cisco Umbrella Rank: 1346
cs.media.net — Cisco Umbrella Rank: 1377
contextual.media.net — Cisco Umbrella Rank: 612
21 KB
14 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1024
5 KB
14 cootlogix.com
prebid.cootlogix.com — Cisco Umbrella Rank: 7189
sync.cootlogix.com — Cisco Umbrella Rank: 6122
15 KB
13 google.com
analytics.google.com — Cisco Umbrella Rank: 278
adservice.google.com — Cisco Umbrella Rank: 73
www.google.com — Cisco Umbrella Rank: 2
2 KB
12 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 314
6 KB
12 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 543
5 KB
12 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 337
data.adsrvr.org — Cisco Umbrella Rank: 4555
6 KB
9 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 3655
5 KB
9 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 4065
2 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 192
323 KB
7 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 496
4 KB
7 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 456
1 KB
6 criteo.com
dis.eu.criteo.com — Cisco Umbrella Rank: 7350
dis.criteo.com — Cisco Umbrella Rank: 731
3 KB
6 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 674
ice.360yield.com — Cisco Umbrella Rank: 2234
3 KB
6 openx.net
u.openx.net — Cisco Umbrella Rank: 656
us-u.openx.net — Cisco Umbrella Rank: 448
2 KB
6 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 567
4 KB
6 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 4025
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 4877
signal-beacon.s-onetag.com — Cisco Umbrella Rank: 4918
signal-segments.s-onetag.com — Cisco Umbrella Rank: 8279
connect-metrics-collector.s-onetag.com
signal-metrics-collector-beta.s-onetag.com Failed
20 KB
5 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 598
4 KB
4 dotomi.com
medianet-match.dotomi.com — Cisco Umbrella Rank: 8960
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3021
1 KB
4 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 873
2 KB
4 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 635
3 KB
4 gstatic.com
fonts.gstatic.com
csi.gstatic.com
16 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 29
20 KB
4 quantcast.com
cmp.quantcast.com — Cisco Umbrella Rank: 2797
apis.cmp.quantcast.com — Cisco Umbrella Rank: 6246
2 KB
3 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 627
905 B
3 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 774
1023 B
3 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 795
2 KB
3 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 379
1 KB
3 smartadserver.com
ssbsync-us.smartadserver.com — Cisco Umbrella Rank: 5136
ssbsync.smartadserver.com — Cisco Umbrella Rank: 745
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 614
1020 B
3 turn.com
ad.turn.com — Cisco Umbrella Rank: 833
1 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 48
168 KB
2 admedo.com
pool.admedo.com
749 B
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 1833
2 KB
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 768
1 KB
2 thrtle.com
thrtle.com — Cisco Umbrella Rank: 1227
682 B
2 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1347
960 B
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 558
701 B
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 572
1 KB
2 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1416
5 KB
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 1040
802 B
2 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 773
1 KB
2 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1148
1 KB
2 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1009
812 B
2 amazon.dev
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 698
453 B
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1358
102 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1074
pixel.quantserve.com — Cisco Umbrella Rank: 820
9 KB
2 activehosted.com
cpomagazine.activehosted.com Failed
14 KB
1 clarium.io
protected-by.clarium.io
244 B
1 googleadservices.com
partner.googleadservices.com
422 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 811
730 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 359
515 B
1 company-target.com
s.company-target.com — Cisco Umbrella Rank: 2184
424 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 815
412 B
1 admanmedia.com
cs.admanmedia.com — Cisco Umbrella Rank: 1084
660 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1044
827 B
1 adkernel.com
sync.adkernel.com — Cisco Umbrella Rank: 1237
191 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 540
711 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 994
223 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 673
878 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 237
666 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 1156
639 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 778
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 743
531 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 890
235 B
1 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 788
282 B
1 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 633
13 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 953
642 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 819
3 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 39
1 KB
1 consensu.org
quantcast.mgr.consensu.org — Cisco Umbrella Rank: 3595
43 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 895
6 KB
528 87
Domain Requested by
47 www.cpomagazine.com 1 redirects www.cpomagazine.com
static.cloudflareinsights.com
42 id5-sync.com 36 redirects cdn.id5-sync.com
monu.delivery
34 c2shb.pubgw.yahoo.com monu.delivery
23 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.cpomagazine.com
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
23 s.amazon-adsystem.com 2 redirects c.amazon-adsystem.com
s.amazon-adsystem.com
ap.lijit.com
rtb.gumgum.com
u.openx.net
sync-amz.ads.yieldmo.com
match.sharethrough.com
eus.rubiconproject.com
ssum-sec.casalemedia.com
ads.pubmatic.com
22 securepubads.g.doubleclick.net monu.delivery
securepubads.g.doubleclick.net
www.cpomagazine.com
www.googletagservices.com
20 usersync.gumgum.com 1 redirects rtb.gumgum.com
eus.rubiconproject.com
ads.pubmatic.com
17 cm.g.doubleclick.net 13 redirects rtb.gumgum.com
u.openx.net
eus.rubiconproject.com
googleads.g.doubleclick.net
17 g2.gumgum.com monu.delivery
17 ib.adnxs.com 8 redirects monu.delivery
googleads.g.doubleclick.net
16 ads.yieldmo.com 1 redirects monu.delivery
s.amazon-adsystem.com
sync-amz.ads.yieldmo.com
14 prebid.a-mo.net 2 redirects monu.delivery
13 btlr.sharethrough.com monu.delivery
13 ap.lijit.com 1 redirects monu.delivery
signal-beacon.s-onetag.com
s.amazon-adsystem.com
13 imps.monu.delivery
12 x.bidswitch.net 12 redirects
12 ce.lijit.com 7 redirects ap.lijit.com
12 match.prod.bidr.io 12 redirects
12 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.cpomagazine.com
pagead2.googlesyndication.com
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
11 match.adsrvr.org 9 redirects js-sec.indexww.com
monu.delivery
10 match.sharethrough.com 5 redirects s.amazon-adsystem.com
match.sharethrough.com
9 aax.amazon-adsystem.com c.amazon-adsystem.com
9 fastlane.rubiconproject.com monu.delivery
9 apex.go.sonobi.com monu.delivery
9 hbopenbid.pubmatic.com monu.delivery
9 htlb.casalemedia.com monu.delivery
9 hb-api.omnitagjs.com monu.delivery
9 prebid.cootlogix.com monu.delivery
9 prebid.media.net monu.delivery
9 e.serverbid.com monu.delivery
8 pixel.rubiconproject.com 5 redirects eus.rubiconproject.com
8 www.googletagservices.com www.cpomagazine.com
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
7 sync.go.sonobi.com 2 redirects
7 sync.mathtag.com 7 redirects
7 pixel.tapad.com 6 redirects sync-amz.ads.yieldmo.com
6 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
googleads.g.doubleclick.net
6 www.google.com tpc.googlesyndication.com
www.cpomagazine.com
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
6 sync.1rx.io 6 redirects
6 adservice.google.com securepubads.g.doubleclick.net
5 sync.cootlogix.com 4 redirects
5 pr-bh.ybp.yahoo.com 2 redirects u.openx.net
ssum-sec.casalemedia.com
rtb.gumgum.com
5 bh.contextweb.com 5 redirects
5 ssum-sec.casalemedia.com 2 redirects s.amazon-adsystem.com
rtb.gumgum.com
ssum-sec.casalemedia.com
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
www.cpomagazine.com
4 dis.eu.criteo.com 4 redirects
4 ice.360yield.com 4 redirects
4 simage2.pubmatic.com 2 redirects rtb.gumgum.com
4 image2.pubmatic.com ads.pubmatic.com
rtb.gumgum.com
4 token.rubiconproject.com 4 redirects
4 sync.ipredictive.com 4 redirects
4 us-u.openx.net 2 redirects u.openx.net
4 pixel-sync.sitescout.com 4 redirects
4 eus.rubiconproject.com s.amazon-adsystem.com
rtb.gumgum.com
eus.rubiconproject.com
4 cs.media.net 1 redirects
4 www.google-analytics.com www.googletagmanager.com
www.cpomagazine.com
4 monu.delivery www.cpomagazine.com
monu.delivery
3 image8.pubmatic.com 2 redirects
3 ups.analytics.yahoo.com 3 redirects
3 sync-tm.everesttech.net 2 redirects ads.pubmatic.com
3 sync.outbrain.com 3 redirects
3 sync.crwdcntrl.net 2 redirects rtb.gumgum.com
3 eb2.3lift.com 2 redirects rtb.gumgum.com
3 ad.turn.com 3 redirects
3 csi.gstatic.com securepubads.g.doubleclick.net
3 c.amazon-adsystem.com monu.delivery
c.amazon-adsystem.com
3 apis.cmp.quantcast.com quantcast.mgr.consensu.org
3 stats.g.doubleclick.net www.googletagmanager.com
www.cpomagazine.com
3 www.googletagmanager.com www.cpomagazine.com
www.googletagmanager.com
2 pool.admedo.com 2 redirects
2 pubmatic-match.dotomi.com 2 redirects
2 dis.criteo.com 2 redirects
2 contextual.media.net
2 ads.betweendigital.com 2 redirects
2 pm.w55c.net 2 redirects
2 medianet-match.dotomi.com 2 redirects
2 thrtle.com 1 redirects rtb.gumgum.com
2 image6.pubmatic.com 1 redirects ads.pubmatic.com
2 cm.adgrx.com 2 redirects
2 pixel-us-east.rubiconproject.com 2 redirects
2 creativecdn.com 2 redirects
2 ads.pubmatic.com rtb.gumgum.com
2 ad.360yield.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 sync.technoratimedia.com 2 redirects
2 secure.adnxs.com 2 redirects
2 rtb.mfadsrvr.com 2 redirects
2 u.openx.net 1 redirects s.amazon-adsystem.com
2 um.simpli.fi 2 redirects
2 sync.targeting.unrulymedia.com 2 redirects
2 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com securepubads.g.doubleclick.net
cdn.confiant-integrations.net
2 lb.eu-1-id5-sync.com cdn.id5-sync.com
monu.delivery
2 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev c.amazon-adsystem.com
2 signal-segments.s-onetag.com get.s-onetag.com
2 cdn.confiant-integrations.net monu.delivery
cdn.confiant-integrations.net
2 cpomagazine.activehosted.com www.cpomagazine.com
1 connect-metrics-collector.s-onetag.com get.s-onetag.com
1 protected-by.clarium.io 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 simage4.pubmatic.com ads.pubmatic.com
1 p.rfihub.com 1 redirects
1 image4.pubmatic.com rtb.gumgum.com
1 rtb-csync.smartadserver.com 1 redirects
1 aax-eu.amazon-adsystem.com eus.rubiconproject.com
1 px.ads.linkedin.com eus.rubiconproject.com
1 s.company-target.com 1 redirects
1 bttrack.com 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 cs.admanmedia.com 1 redirects
1 tg.socdm.com 1 redirects
1 sync.adkernel.com rtb.gumgum.com
1 ssbsync.smartadserver.com 1 redirects
1 stags.bluekai.com 1 redirects
1 match.deepintent.com rtb.gumgum.com
1 sync.srv.stackadapt.com 1 redirects
1 c.bing.com rtb.gumgum.com
1 odr.mookie1.com 1 redirects
1 data.adsrvr.org 1 redirects
1 sync-amz.ads.yieldmo.com s.amazon-adsystem.com
1 ssbsync-us.smartadserver.com 1 redirects
1 rtb.gumgum.com s.amazon-adsystem.com
1 onetag-sys.com s.amazon-adsystem.com
1 s.ad.smaato.net 1 redirects
1 csync.loopme.me 1 redirects
1 cdn.id5-sync.com www.cpomagazine.com
1 as-sec.casalemedia.com js-sec.indexww.com
1 signal-beacon.s-onetag.com get.s-onetag.com
1 onetag-geo.s-onetag.com get.s-onetag.com
1 api.rlcdn.com js-sec.indexww.com
1 pixel.quantserve.com
1 api.id5-sync.com monu.delivery
1 js-sec.indexww.com monu.delivery
1 get.s-onetag.com monu.delivery
1 fonts.gstatic.com fonts.googleapis.com
1 rules.quantcount.com secure.quantserve.com
1 unpkg.com cpomagazine.activehosted.com
1 fonts.googleapis.com cpomagazine.activehosted.com
1 quantcast.mgr.consensu.org cmp.quantcast.com
1 secure.quantserve.com cmp.quantcast.com
1 analytics.google.com www.googletagmanager.com
1 cmp.quantcast.com www.cpomagazine.com
1 static.cloudflareinsights.com www.cpomagazine.com
0 signal-metrics-collector-beta.s-onetag.com Failed signal-beacon.s-onetag.com
0 dsum.casalemedia.com Failed
528 143
Subject | Issuer | Validity | Valid
www.cpomagazine.com | GTS CA 1P5 | 2023-03-14 - 2023-06-12 | 3 months
*.monu.delivery | Sectigo RSA Domain Validation Secure Server CA | 2023-02-23 - 2024-03-25 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
cmp.quantcast.com | R3 | 2023-02-13 - 2023-05-14 | 3 months
activehosted.com | Cloudflare Inc ECC CA-3 | 2022-12-07 - 2023-12-06 | a year
*.google.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-08-09 - 2023-09-09 | a year
upload.video.google.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
quantserve.com | R3 | 2023-02-13 - 2023-05-14 | 3 months
imps.monu.delivery | GTS CA 1D4 | 2023-04-01 - 2023-06-30 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.confiant-integrations.net | GTS CA 1P5 | 2023-03-27 - 2023-06-25 | 3 months
c.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-02-28 - 2024-02-17 | a year
*.s-onetag.com | Amazon RSA 2048 M01 | 2023-02-23 - 2024-01-02 | 10 months
*.id5-sync.com | R3 | 2023-01-25 - 2023-04-25 | 3 months
web.ssp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2022-12-27 - 2023-06-21 | 6 months
*.consumableaudio.com | R3 | 2023-02-14 - 2023-05-15 | 3 months
*.media.net | Sectigo RSA Domain Validation Secure Server CA | 2022-04-06 - 2023-05-04 | a year
*.cootlogix.com | Sectigo RSA Domain Validation Secure Server CA | 2022-11-14 - 2023-11-14 | a year
omnitagjs.com | Sectigo RSA Domain Validation Secure Server CA | 2022-06-21 - 2023-07-21 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2023-02-13 - 2024-03-15 | a year
*.a-mo.net | R3 | 2023-04-03 - 2023-07-02 | 3 months
gumgum.com | Amazon RSA 2048 M01 | 2023-02-17 - 2023-08-05 | 6 months
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2022-06-13 - 2023-07-14 | a year
*.go.sonobi.com | Go Daddy Secure Certificate Authority - G2 | 2022-12-06 - 2024-01-07 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-03 | a year
*.yieldmo.com | Amazon RSA 2048 M02 | 2023-02-28 - 2023-10-12 | 7 months
*.lijit.com | Go Daddy Secure Certificate Authority - G2 | 2022-06-27 - 2023-06-05 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2022-03-31 - 2023-05-02 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2023-02-02 - 2024-03-03 | a year
aax-dtb-mobile-cf.amazon-adsystem.com | Amazon | 2022-06-15 - 2023-06-15 | a year
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | Amazon RSA 2048 M02 | 2022-12-27 - 2024-01-25 | a year
*.eu-1-id5-sync.com | R3 | 2023-01-25 - 2023-04-25 | 3 months
s.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-03-03 - 2024-02-19 | a year
tpc.googlesyndication.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.onetag-sys.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-12-28 - 2024-01-28 | a year
casalemedia.com | Go Daddy Secure Certificate Authority - G2 | 2022-12-13 - 2024-01-13 | a year
*.openx.net | GeoTrust RSA CA 2018 | 2022-07-21 - 2023-08-21 | a year
*.sharethrough.com | Amazon RSA 2048 M01 | 2023-03-01 - 2023-08-12 | 5 months
*.ads.yieldmo.com | Amazon RSA 2048 M01 | 2023-03-26 - 2024-04-23 | a year
www.google.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.deepintent.com | Go Daddy Secure Certificate Authority - G2 | 2022-05-02 - 2023-06-03 | a year
*.ad-server.k8s.ggops.com | Amazon RSA 2048 M01 | 2023-02-28 - 2024-02-09 | a year
*.adkernel.com | AlphaSSL CA - SHA256 - G4 | 2023-01-03 - 2024-02-04 | a year
*.ybp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-04-04 - 2023-09-27 | 6 months
aax-eu.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-01-27 - 2024-01-27 | a year
*.everesttech.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-11-07 - 2023-12-09 | a year
*.crwdcntrl.net | Go Daddy Secure Certificate Authority - G2 | 2022-05-01 - 2023-06-02 | a year
*.3lift.com | Amazon RSA 2048 M02 | 2023-04-13 - 2024-05-11 | a year
protected-by.clarium.io | Amazon RSA 2048 M01 | 2022-12-16 - 2024-01-14 | a year

This page contains 44 frames:

Primary Page: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Frame ID: BFAA5B1F130693665EE76DA3B038C1DC
Requests: 349 HTTP requests in this frame

Frame: https://monu.delivery/assets/scripts/vendors/xdomain/1.0.8a/xdomain_cookie.html
Frame ID: 3C68C38F6264F079FE7B49613624A0FF
Requests: 1 HTTP requests in this frame

Frame: https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5dc70eb9/invisible.js?ts=1681516800
Frame ID: 3E451CE1C19F09D4A278EE39005407A5
Requests: 3 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&dcc=t
Frame ID: D83087E0F41D205F014BB54EADEB70FF
Requests: 1 HTTP requests in this frame

Frame: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: AC2F364E5B9753E48337C35484DF418C
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Frame ID: 90C229A47D29AE7ACC4495BE1B0860AB
Requests: 8 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Frame ID: B4CA8E61F48FBF276EC4A41005AFC499
Requests: 15 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Frame ID: 592ABDAE71AC8D3ACDB51761277824F2
Requests: 10 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Frame ID: 2AC808183243419199B6AE47DCA06C5C
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8001528019965322294&gdpr=0&gdpr_consent=
Frame ID: 7A805BC9D5CBABA0D8C2FB5640F0FB04
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Frame ID: EF796305ED1F3FE3CB80A858D5E6C1DC
Requests: 6 HTTP requests in this frame

Frame: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Frame ID: F4F76B4D7C075CE3829D218DCE538DE1
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Frame ID: FDA5DAEBF3C316968F96308DE6D699D9
Requests: 11 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=4326297819836415887&ex=appnexus.com&gdpr=0
Frame ID: C77B8CCFE57CD1BE2247D12C18918787
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Frame ID: 56398200665B01F3DFC12B715ABBF012
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=987842216595597250627
Frame ID: 63C6BF13F9A9C89C8233A06E815E03FE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E3CA09C8DBE150F3A0F1582E63D6758B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3ADDC05C24C7C49CAF489C8AD679C0E6
Requests: 2 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
Frame ID: C329C6C1B9E166A1ADA322155D39B036
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181093&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dmdp%26i%3D%5BUID%5D&gdpr=0&gdpr_consent=&ccpa=
Frame ID: 91C33311C0EFBFC47455663C896F5B3D
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=ZDnxeQAC0PB7jABS&gdpr=0&gdpr_consent=&_test=ZDnxeQAC0PB7jABS
Frame ID: 9FF0DABC6A0A90D85774870F1E98D700
Requests: 1 HTTP requests in this frame

Page Title

Suspected Chinese Threat Actors Infected IRS Authorized Tax Return Website With JavaScript Malware - CPO Magazine

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 528
  • HTTPS: 81 %
  • IPv6: 26 %
  • Domains: 87
  • Subdomains: 143
  • IPs: 90
  • Countries: 7
  • Transfer: 3415 kB
  • Size: 7803 kB
  • Cookies: 220

Redirected requests

There were HTTP redirect chains for the following requests:

  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
Request Chain 241
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=j4JPiQE8RqmH4mlSNIASDg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 244
  • https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=0&gdpr_consent= HTTP 302
  • https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=8F824F89-013C-46A9-87E2-69523480120E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=79a878e0-1f8a-447f-bc90-0ded5b1389f8
Request Chain 245
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEY4MjRGODktMDEzQy00NkE5LTg3RTItNjk1MjM0ODAxMjBF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 246
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPT30VTqeIxYobAh8GyettA&google_cver=1
Request Chain 247
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E413E3FEFADF4A0294187682FE2624B3
Request Chain 248
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3892945779723086819&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 249
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
Request Chain 250
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=8F824F89-013C-46A9-87E2-69523480120E&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-MFedkXZE2uWeas7r2vy0qmwBo7bypSQ-~A&gdpr=0
Request Chain 257
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4ba74d4dae&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=c3db27b5-56e8-4f77-8870-8d51c49d4722&pubid=4ba74d4dae HTTP 302
  • https://id5-sync.com/s/434/9.gif?puid=c29ca13d-d74d-4d59-acbc-c85b804834fd&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F108%2F8%2F2.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/108/8/2.gif?puid=f85c13a3-d03c-4262-bbee-6b71616ec533&gdpr=0&gdpr_consent= HTTP 302
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy= HTTP 303
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAEQok7Ic-MAACA7U7DXIQ HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/6/4.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/2/6/4.gif?puid=4326297819836415887&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F5%2F5.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/3/5/5.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F124%2F4%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/cq/434/124/4/6.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F796%2F3%2F7.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/796/3/7.gif?puid=3394644c-f63c-4f49-a881-64a342a59cec&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F2%2F8.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/3/2/8.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent= HTTP 302
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F203%2F1%2F9.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/434/203/1/9.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/0/10.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/2/0/10.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
Request Chain 258
  • https://id5-sync.com/s/441/9.gif?puid=u_bfaec167-56bd-4884-992b-2080aacefc6a&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F108%2F8%2F2.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/108/8/2.gif?puid=f85c13a3-d03c-4262-bbee-6b71616ec533&gdpr=0&gdpr_consent= HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F429%2F7%2F3.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0 HTTP 302
  • https://id5-sync.com/c/441/429/7/3.gif?puid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=0&gdpr_consent= HTTP 302
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F6%2F4.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/441/203/6/4.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F5%2F5.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/cq/441/124/5/5.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1245%2F4%2F6.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1245/4/6.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F3%2F7.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/3/3/7.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F2%2F8.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/cq/441/124/2/8.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=92&3pid=4326297819836415887&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1246%2F1%2F9.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1246/1/9.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=i5mm&nuid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&consent=&id5id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg
Request Chain 260
  • https://id5-sync.com/s/441/9.gif?puid=u_31e42b89-13e1-47e8-9b7e-a077b1bf5178&gdpr=0&gdpr_consent= HTTP 302
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy= HTTP 303
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAEQok7Ic-MAACA7U7DXIQ HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F108%2F7%2F3.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/108/7/3.gif?puid=f85c13a3-d03c-4262-bbee-6b71616ec533&gdpr=0&gdpr_consent= HTTP 302
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy= HTTP 303
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAEQok7Ic-MAACA7U7DXIQ HTTP 302
  • https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1241%2F5%2F5.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1241/5/5.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/k/264.gif?puid=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttl=%%TTL%% HTTP 302
  • https://ce.lijit.com/merge?pid=58&3pid=8F824F89-013C-46A9-87E2-69523480120E&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1242%2F3%2F7.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1242/3/7.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F796%2F2%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/796/2/8.gif?puid=3394644c-f63c-4f49-a881-64a342a59cec&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1245%2F1%2F9.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1245/1/9.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F0%2F10.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/441/203/0/10.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
Request Chain 261
  • https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID HTTP 302
  • https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=598ec4fe622115c1&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID HTTP 302
  • https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAABsuCE2nN6eANo4SSKAAAAAAA&expiration=1681605372&is_secure=true
Request Chain 262
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://prebid.a-mo.net/setuid/magnite?uid=LGH8Z875-S-H54N&gdpr=0&us_privacy=1---
Request Chain 263
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
  • https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=A4LNeo8n1PNtTK5
Request Chain 264
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1 HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=${GDPR_CONSENT}&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D${GDPR_CONSENT} HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=${GDPR_CONSENT}&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D${GDPR_CONSENT}&crf=1 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=a0cabee8-d195-5369-9359-3892f760c9ef&ssp=medianet&expires=30&user_group=1&gdpr=&gdpr_consent= HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 265
  • https://x.bidswitch.net/sync?ssp=adaptmx&user_id=bd85c437-a6f4-40c1-8b27-035d9bfe8556&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://dis.criteo.com/dis/usersync.aspx?r=25&p=52&dis=0&gdpr=0&gdpr_consent=&url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D462%26ssp%3Dadaptmx%26user_id%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=462&ssp=adaptmx&user_id=k-qkcHUnyak9dRy9mq47GWLlRcOAXgiH-TMmSung&gdpr=0&gdpr_consent= HTTP 302
  • https://prebid.a-mo.net/setuid?bidder=bid_switch&uid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 266
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=fc762fa7-e685-4638-884d-0d61ea481235
Request Chain 267
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=585f6439-f17a-4c00-b1f6-f95423933410
Request Chain 268
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c29ca13d-d74d-4d59-acbc-c85b804834fd&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=dWFUT3puOGJucGNKdVI2OUFibldiZw&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESECWwuiuILUdaNLQDZq3MPQ4&google_cver=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=rtQ4O1zP1BMH
Request Chain 269
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1783777320848376423
Request Chain 270
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156972 HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=-1&gdpr_consent= HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=4b2ed882f25b04bf&is_secure=true&networkId=17100&version=1&nuid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=-1&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAABr635SA3EYwN-0pnZAAAAAAA&expiration=1681605373&nuid=8F824F89-013C-46A9-87E2-69523480120E&is_secure=true&gdpr_consent=&gdpr=-1 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78 HTTP 302
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=7b99a14f-d3e9-4b21-bd4c-cbb2e5d60bda&user_group=1&ssp=pubmatic&bsw_param=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 271
  • https://ads.yieldmo.com/pbcas?us_privacy=&gdpr=0&gdpr_consent=&type=image HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo_dbm&google_cm&pn_id=c HTTP 302
  • https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESELkFt03g8bcCrOTbN2XTowI&google_cver=1
Request Chain 272
  • https://ups.analytics.yahoo.com/ups/58570/occ?gdpr=0&gdpr_consent=&uid=bd85c437-a6f4-40c1-8b27-035d9bfe8556 HTTP 302
  • https://prebid.a-mo.net/setuid/yahoo?uid=y-To9e04pE2uGETFg5vGdWd10FX4TUefmuKEbEnkA-~A&gdpr=0
Request Chain 273
  • https://prebid.a-mo.net/cchain?cb=https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Damx%26uid%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%2F485%3Fgdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26A%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9pYi5hZG54cy5jb20vcHJlYmlkL3NldHVpZD9iaWRkZXI9YW14JnVpZD1iZDg1YzQzNy1hNmY0LTQwYzEtOGIyNy0wMzVkOWJmZTg1NTY%253D%26uid%3D%24UID HTTP 302
  • https://prebid.a-mo.net/cchain/1/485?gdpr=0&gdpr_consent=&us_privacy=1---&A=bd85c437-a6f4-40c1-8b27-035d9bfe8556&bidder=appnexus&cbx=aHR0cHM6Ly9pYi5hZG54cy5jb20vcHJlYmlkL3NldHVpZD9iaWRkZXI9YW14JnVpZD1iZDg1YzQzNy1hNmY0LTQwYzEtOGIyNy0wMzVkOWJmZTg1NTY%3D&uid=4326297819836415887 HTTP 302
  • https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%2F485%3Fgdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26A%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9pYi5hZG54cy5jb20vcHJlYmlkL3NldHVpZD9iaWRkZXI9YW14JnVpZD1iZDg1YzQzNy1hNmY0LTQwYzEtOGIyNy0wMzVkOWJmZTg1NTY%253D%26uid%3D%24UID
Request Chain 275
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&google_hm=MjBiNGFlNmMtZTM5ZS00YThhLWJhNzYtNTNkMWU5ZThkYjc4 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESECXb37sp-0AVmYy2Vo_0OLk&google_cver=1&ssp=sonobi&bsw_param=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
Request Chain 276
  • https://sync.cootlogix.com/api/sync/image/?cid=&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://match.sharethrough.com/universal/v1?supply_id=TAEWcTBw&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.cootlogix.com/api/cookie?partnerId=sharthrough&userId=4d469659-77ed-4500-87c8-97853d0c70f4&gdpr=0 HTTP 302
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.cootlogix.com%2Fapi%2Fcookie%3FpartnerId%3Dsonobi%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26userId%3D%5BUID%5D HTTP 302
  • https://sync.cootlogix.com/api/cookie?partnerId=sonobi&gdpr=0&gdpr_consent=&us_privacy=&userId=c29ca13d-d74d-4d59-acbc-c85b804834fd HTTP 302
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.cootlogix.com%2Fapi%2Fcookie%3FpartnerId%3Dsovrn%26userId%3D%24UID%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D HTTP 307
  • https://sync.cootlogix.com/api/cookie?partnerId=sovrn&userId=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fsync.cootlogix.com%2Fapi%2Fcookie%3FpartnerId%3Dgrid%26userId%3D%24%7BBSW_UUID%7D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D?gdpr=0&gdpr_consent=&us_privacy=&uid=${BSW_UUID}&cookie_age=${COOKIE_AGE} HTTP 302
  • https://sync.cootlogix.com/api/cookie?partnerId=grid&userId=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 277
  • https://id5-sync.com/s/441/9.gif?puid=u_d571e078-5c5d-44c7-96c4-ccac2d6849b7&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/441/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/2/8/2.gif?puid=4326297819836415887&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/3/7/3.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F796%2F6%2F4.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/796/6/4.gif?puid=3394644c-f63c-4f49-a881-64a342a59cec&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1241%2F5%2F5.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1241/5/5.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F4%2F6.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/cq/441/124/4/6.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1245%2F3%2F7.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
  • https://id5-sync.com/c/441/1245/3/7.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent= HTTP 302
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F2%2F8.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/441/203/2/8.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/441/2/1/9.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/2/1/9.gif?puid=4326297819836415887&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F0%2F10.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/441/3/0/10.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
Request Chain 530
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH-ZCwmV3JZhCjyQkRleEQo&google_cver=1&gdpr=0
Request Chain 531
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDnxevXW-NcseN8s76eLBgAA
Request Chain 532
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIisuX1QQJ90-1PlEnyKnR8&google_cver=1
Request Chain 533
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMyNjI5NzgxOTgzNjQxNTg4Nw%3D%3D

528 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
199 KB
43 KB
Document
General
Full URL
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3033::ac43:be7c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
6dd93964f7b7956561507fd6f0e8e741d254d4dbbea086e4a3fcfade8eb23f5f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pagead2.googlesyndication.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
max-age=0
cf-cache-status
DYNAMIC
cf-ray
7b801cc44d21011d-ORD
content-encoding
br
content-security-policy
frame-ancestors 'self' https://pagead2.googlesyndication.com
content-type
text/html; charset=UTF-8
date
Sat, 15 Apr 2023 00:36:06 GMT
expires
Sat, 15 Apr 2023 00:36:06 GMT
host-header
6b7412fb82ca5edfd0917e3957f05d89
last-modified
Fri, 14 Apr 2023 22:00:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWKH%2BShzJXcNQ3x6jto4Cq%2B2eJQHU5PdoqzDDXdnHnfcqVk1hxDl9Ala%2B01DxbxGSd%2F8K1FQS5eETA5w4hToFjSK3HhFrHQ3dFC76LZF7zYCpXW53KwTCdRVrcmX0KwtWYaAmH1qQELVWL9BalhcbCw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-httpd-modphp
1
x-proxy-cache
MISS
x-proxy-cache-info
0 NC:000000 UP:SKIP_CACHE_MAX_AGE_ZERO
x-xss-protection
1; mode=block
a694f3143409.google-fonts.css
www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/
11 KB
1 KB
Stylesheet
General
Full URL
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3033::ac43:be7c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
cc0055c95a9b40e9b1f1c6032df5a89701772e2546f677e7a599b1bd93a41ef6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073269
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Wed, 04 Aug 2021 09:22:59 GMT
server
cloudflare
etag
W/"610a5c73-2bee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vs3N4OZQySzeI7ZSmagV0dfmsHTbREaLQiB%2B4kb8gdGHQrHpvklIT0AzaenLbYXrTUIHDhc1ky3ieDAa9E7Bbmxvvi7DiyT0xpmOwfWUgxnBCe0Ci1IiYfbw0HyUCW%2BGCPHBhnUS5%2BUp4TuTPr2oVqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
7b801cc52e45011d-ORD
expires
Sat, 09 Mar 2024 10:40:59 GMT
rocket-loader.min.js
www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3033::ac43:be7c, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 06 Apr 2023 15:48:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
gzip
etag
W/"642ee9e0-302c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atNdLkR9wnOr3wY%2FuoEvMGtx1AacD%2B5leUAVLxw4b%2FnbCOTMBAgMb%2Bd%2Ftxd0XAUqJ26Ra9Jeh15Bqu5wNJkavCllwHuyVUZ%2Buc%2FO%2BgXlYpxIbKiSEMmKxWbuxljYtbQTHNI5OjEPFlKgkfi%2F7hUEGnE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
7b801cc52e49011d-ORD
expires
Mon, 17 Apr 2023 00:36:06 GMT
cc97d035a8a11b3d786eb40fd8e4b681.css
www.cpomagazine.com/wp-content/cache/min/1/
464 KB
83 KB
Stylesheet
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/cc97d035a8a11b3d786eb40fd8e4b681.css
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a667d55b63b9a010e1d0039007470df84803725d422709d1fe851a3c858faec
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
40679
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:27 GMT
server
cloudflare
etag
W/"643924ef-73fc2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buI9ZgRtMDaATEfFI2CEM2kW%2F%2FnNsqX3m61LX05bbsQYuIHK5O8deBN1pdhgNNaNT5qEPGC5Y3CbPSIPhKxnAae%2BecPqhH1c2une9f47AlsiiNc%2BVvMm7Soxzt0CUzsIROOTlYlRLRmQV%2BtELQY5XhY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31536000
cf-ray
7b801cc52e46011d-ORD
expires
Sat, 13 Apr 2024 10:03:36 GMT
tipi.woff2
www.cpomagazine.com/wp-content/themes/zeen/assets/css/tipi/
16 KB
17 KB
Font
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/css/tipi/tipi.woff2?9oa0lg
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59ca72acaa7d5ef558ef3fa5da394fee9c98484b36497cb6a9fe857db8c648e9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2080165
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
16684
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
"62451967-412c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPs9agWivxbxx8o9EITgoJubBSodB2Uc%2Btk0n4JCzWmSST84YLtCB4V4rFiKyLPvAT3q422FT5OSh4UEX4CMVzP4B4q%2BEEUY4EqGKlrbI2E35gjAgbby%2FGOgSi1n7xmBUJDaQ34g0DtlhsXrEVkq1v8%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801cc52e4a011d-ORD
expires
Sat, 09 Mar 2024 10:40:59 GMT
suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-1024x587.jpg
www.cpomagazine.com/wp-content/uploads/2023/04/
72 KB
72 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/04/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-1024x587.jpg
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
792a5dff1eec6a0e4db2168bab33f4f46b2208de5f9a5b9ebbd631ccd1ff3674
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
73702
last-modified
Fri, 14 Apr 2023 07:47:53 GMT
server
cloudflare
etag
"64390529-11fe6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k0GAvAw16Xu0A72cpA5xdmKFenvP3Hm223EawWXyx3UnI4sP7cpB8h7V2SV8EhYObNBcVzD5Er%2BVavY2ouCt%2FYXyqhrviGsk35bqvRpO7eFAOk0t8gC3zH6T9rMt5VSM8WcnPhU4f1f%2B6%2BUh5L98z9Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801cc57e9a011d-ORD
expires
Sat, 13 Apr 2024 07:50:21 GMT
064762-e29f-4335-ac37-b358a1f27bc2.js
monu.delivery/site/5/1/
65 KB
14 KB
Script
General
Full URL
https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:3c03:1::2d4f:f6e2 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
Software
nginx /
Resource Hash
f9ffac5a8fa3d50c6bd5c0e6635e2a42489d5fe955bc6e7baba8a3277d8f7a27

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ADPycdu9sB3U5gFPbfjI1nH2e9q1xV1No_m4S43ltIM0Ya-0VF659fYe2aUOPge9JwzPvNCf_Vx0BRDIAxWeaPT8dbqE
transfer-encoding
chunked
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
connection
close
server
nginx
vary
Accept-Encoding
x-goog-generation
1680629569123368
content-type
application/javascript
x-goog-hash
crc32c=7C5/4w==, md5=ga9RBhxKrAmBKublol3nYg==
cache-control
max-age=7200
x-goog-stored-content-length
66046
expires
Sat, 15 Apr 2023 02:36:07 GMT
v2b4487d741ca48dcbadcaf954e159fc61680799950996
static.cloudflareinsights.com/beacon.min.js/
16 KB
6 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v2b4487d741ca48dcbadcaf954e159fc61680799950996
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2

Request headers

Referer
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
content-encoding
gzip
last-modified
Thu, 06 Apr 2023 16:52:30 GMT
server
cloudflare
etag
W/2023.4.1
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7b801cc5ee19810e-ORD
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b07bbe527fba6a3d53984a182715e4a8efa34740901152fb201e569da99e32b5

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
267624d6585f5af3734a9cb080b139d9856688e4ef149fa091b9358cb931cfaa

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4cf779d6f3c89fe7444351ffa29e8310c723bfef646a29148e2203d82c1e81c

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
483784ecdf80ccaffd50869e23e2efdbeed9343b1b4c7dae837667e4984a68a7

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b85175c21358b9c4e67033cef7ea98ed3f508ded187fd5a627bf9c77c0f74fb

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a48ba6d11055a2a6f840befa14e603650d8ca3d752e16daccd828d3869fb791

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b575b0ad75b0fd71c005f97c8f383bb4067448ef1b8f72063b2962daf23f07ba

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c9cdaec4970cf14d52899f21e0a6297e2f33bf461c78d39eafe0711f65a4809

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/
11 KB
11 KB
Font
General
Full URL
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073269
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
11048
last-modified
Wed, 04 Aug 2021 09:22:59 GMT
server
cloudflare
etag
"610a5c73-2b28"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vM5C8lRg1Od%2BfpSOpTp4S0Z6kvr3iglV2w5yvxV9VAhn1wQj0UHAxCvHEO23EPzUji6SiO3RRS0KnUb0KHNWi8EfDDXsu2LmWUi%2Fw6i1Z7v9Nb1yXENZ4mx5lTIK7bjyF9CsJ3Q2dmOlH9SUfBzC27o%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801cc7393c011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/
11 KB
11 KB
Font
General
Full URL
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073269
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
11032
last-modified
Wed, 04 Aug 2021 09:22:59 GMT
server
cloudflare
etag
"610a5c73-2b18"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bQMVSE5y9lYhiGe2DrXgTDqXnmIw4o5DhRSrj9QOLL%2BIXSGaTmdmsMV8YXgBAnHSoBfoMQ5JMHxi4yyLCbmp3JRji1GOT7GHYsZSyArAoQ%2BqcAsb1cCCwunUl41OgpeWubGLqxZ59Ue%2FKkNBDyl5G4%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801cc7393f011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
0QIvMX1D_JOuMwr7I_FMl_E.woff2
www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/
35 KB
35 KB
Font
General
Full URL
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/0QIvMX1D_JOuMwr7I_FMl_E.woff2
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d70cd722981668fc5cc2087c373af7a3784c29f9bf39d21aadacf3589c93ec49
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
717266
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
35364
last-modified
Wed, 04 Aug 2021 09:22:59 GMT
server
cloudflare
etag
"610a5c73-8a24"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EymyUM26NWBcj9PAV0HU3N4Yfp%2F3f3GMqX2eSGrUBQmLrgARjKDYT1KJDB6t7vA0M805cKFxqlOWjOXniyDWwCmnhzpZbgBkhS1%2F6BKWCIlJ3E%2Fw2WOHd5QM5fAjy5GlXVb6vor82kE4nE%2FaYstt04%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801cc74958011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/
12 KB
13 KB
Font
General
Full URL
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/KFOkCnqEu92Fr1Mu51xIIzIXKMny.woff2
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4ad6488b98dc54a19fafd8a6e462938d13787e6b3b0f21516013c41bb7a8017
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cpomagazine.com/wp-content/cache/perfmatters/www.cpomagazine.com/fonts/a694f3143409.google-fonts.css
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073269
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
12676
last-modified
Wed, 04 Aug 2021 09:22:59 GMT
server
cloudflare
etag
"610a5c73-3184"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGhnwYeOJplb1LZNZzdrlu2lOkB%2BhlmYjiXxvImZgeMdR1oK9dzENJLvjSEvXtcUIcHPsnKN2kgKBQ%2FYeG28B0LCtUw4GBxQ8YEBAw19SQvLg%2BD6LjCsv461AhEq5GxJzAUOLcXN2oAxK4pMKTPdqJk%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801cc75969011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
xdomain_cookie.min.js
monu.delivery/assets/scripts/vendors/xdomain/1.0.8a/
5 KB
2 KB
Script
General
Full URL
https://monu.delivery/assets/scripts/vendors/xdomain/1.0.8a/xdomain_cookie.min.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:3c03:1::2d4f:f6e2 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
Software
nginx /
Resource Hash
7b0fb27181aa8c2244ab51f28e8b544248585a334184445b1da9b04f89a794ac

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ADPycdvZmfyKjrIKwLyGsxT-LSofDGrlDt_bHAhIn6Ec89QmtSkgWd2Na8QXy7uHyqMS64eBt_IA6tcvq4v4Qba9zO3qfw
transfer-encoding
chunked
x-cache
HIT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
connection
close
last-modified
Tue, 25 Aug 2020 07:36:03 GMT
server
nginx
vary
Accept-Encoding
x-goog-generation
1598340963244234
content-type
application/javascript
x-goog-hash
crc32c=PYpHKQ==, md5=thaqbm5dIRiPqROaEv/m/g==
cache-control
max-age=31104000, public
x-goog-stored-content-length
4733
expires
Tue, 09 Apr 2024 00:36:07 GMT
lazyload.min.js
www.cpomagazine.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/
8 KB
3 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 03 Feb 2023 02:48:11 GMT
server
cloudflare
etag
W/"63dc75eb-2063"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXpK5thw5QnEnPWyd%2BH6UE2G%2FI02%2FmvbvsNGCVwSFtIbIc4ZAhv0kDTDAhBaAQeY4fr0KhJ2uMNomCyUNaAPDSg98FYJuFldGTH0HxYEGOuqSvko8GKqvHMwEXEcUTFOIP2pdGg%2Fwu0Qk4axnhSpL9k%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbd5011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
instantpage.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/plugins/perfmatters/vendor/instant-page/
3 KB
1 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/plugins/perfmatters/vendor/instant-page/instantpage.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7abe0db529694cf16771d54ba8381d1387872b9302ee49e8b5f68c6b788612c0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45545
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-b4b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJ%2FxI2YgnKAvh%2BV4CmxWq9pamI89ywUFNj67bc3XU5QZXqjcZe%2Fbc7AkH%2F5bM81ziCpaRhkJE2B5sZAuCakT3akqCPmgLrNLk78fXFSJ9NmWGliAB164yYUYUY%2BpZig57OYCpYVLNky3DW4J1XG%2BeYM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbe4011d-ORD
expires
Sat, 13 Apr 2024 10:03:42 GMT
333.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/
72 KB
24 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/333.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e1c60d000ba3349afb1eb1283044a42f2f6bc03b39761e98d7e1f07ca3b899b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45545
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-120ed"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HlpUS6Zk66n9YfCOgm451%2BTSwOK50bfNQ4%2BeE77jfJcIdUbVRiQsnFswcvCBRmf9y56c40XzqmUEfjG5K%2Byvxkj%2BqnBELl99cFJdPg2WaK8XDQRylLjfOm2fJmafVxm%2FtTyBN%2BnwbekzbzBuq0XCXQw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbe6011d-ORD
expires
Sat, 13 Apr 2024 10:03:42 GMT
functions.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/themes/zeen/assets/js/
95 KB
25 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/themes/zeen/assets/js/functions.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70076b643a5de980682189950613ae3e0ac77c394b2d8bb82bd10354d461094b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45545
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-17a63"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ai8l%2FEjkZAZwWx1a6Z1qoI0N%2Ffa4nw0PptPJTMzA9Ea3VmKXgJVb9NvqKlNhzu%2FCr9fyfq1YsW1F4FiqUjO6t%2FJFaXBsXKlWco0jKYTldzYduN%2BLRXU%2BuqLtOLSIynBY7GrvTk30jKJ9fNyK00p9IwQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbe8011d-ORD
expires
Sat, 13 Apr 2024 10:03:41 GMT
menu-aim.min.js
www.cpomagazine.com/wp-content/themes/zeen/assets/js/
4 KB
2 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/js/menu-aim.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
077f77c9c36b6609c8aee82deb6ca41f0d4e20dbd30eecd0e77771fd09a87655
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
W/"62451967-119f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Jdf2mHGUsgQCyLsVMixk0VeWxSZp1EAosnljaMAKAC54eObZtuBEOLwT5G7fsUDthEn6M0%2B4ArkiY5ZXe2n8s7kuc%2BADNyaSZmI%2FGZGCoI0jhzoXZgH2Bp6UA1hG3Pqf%2FM3vksxV4B4deH8PmnrBE0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbea011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
imagesloaded.pkgd.min.js
www.cpomagazine.com/wp-content/themes/zeen/assets/js/
5 KB
2 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/js/imagesloaded.pkgd.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21d86ec39200e69c8758314c29df763ef2f7d362df0a85cb0b104c9647b4ed94
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
W/"62451967-15ca"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TsuwKpCN2gmshSXfbgUlBik4TBBLyBKeuxJbdksFwaJmlIjmrntXg%2BvT%2B9vSBiq19HiKTGd9wHkIvRluCp%2BLl7FL9k88WbBIS027vDLGOGC0xFg7jZMh517GFhOB11ComsKPoGhM5uxYGaD7XLybzl8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbec011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
js.cookie.min.js
www.cpomagazine.com/wp-content/themes/zeen/assets/js/
2 KB
1 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/js/js.cookie.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e94d9d4dc2b917019e391f381898fb6a4b74937d274f17001cbaf63ffefcf5df
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2080166
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
W/"62451967-65f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXSAq%2BMXib%2FpbmcF94stfhUk5z8AULtxB3b3N42mDxVUtP9THgu9HU1BBMKor7kU%2BmXei8J%2FGRxjsx7gJ3HKoFOA0cxr3f74exBRQXUdF2IJ59GW2Jtsz6JNgq9Z1j34W1iTg%2BcmkKoEhWoEvkl3gXI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbee011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
ScrollTrigger.min.js
www.cpomagazine.com/wp-content/themes/zeen/assets/js/gsap/
20 KB
9 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/js/gsap/ScrollTrigger.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0ed648b3788cb18d61d64d9ba4e0ca4f9deb73fa45c5d421dddec79c710f091
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
W/"62451967-502c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBiXGBGDnOT4am1I06w1BIPG14jkIQoQUUuYZiG8r814%2B00sruPQyO5EDC5Qft6JvUs5C6etzwalPdGEMXvMH2VSWO70B4izZJF8uHwQ5AFYE91ouwgiwNBJn4msKwejz3lrNMMMcp6M9vpxCeU7ido%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbef011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
gsap.min.js
www.cpomagazine.com/wp-content/themes/zeen/assets/js/gsap/
61 KB
25 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/js/gsap/gsap.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7d3820cac85b4f074f0801e3c87c8c3b37b28730bfadefe6ea9a921bfce34bc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
W/"62451967-f396"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFxCSTl7YUJgYjz858pXjdwEg3B2jarSUicLY598jWlyKnd5dHM8h32rw8CBX8z9oRCdU5boa8EAxrJNlREmA%2F67PS60NYZLAVbZf9erWIGSmrqdooM0LatfLO9P8%2FVpBmozXs5VfwlR6lNwjtk%2FHoA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbf2011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
760.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/
6 KB
2 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/760.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67aac621e3c31ae0cf6866a00c2e2267256f7a3692f6f770ea046daed9efd66a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45545
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-1833"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkKUY5ryemEUG%2BsLfQh%2BT9qsXU1LIDfJYdaiy0vCL8qkFacYSY7qKLejlcvb0fLQJacpBLNiWLFghkVkEzafSit1y3KBc8CuAe0vFOMvA7gZu64Nw94RLaDwOqb1gy50Z0XZZjE8KQD1WsG9NvFDv%2Bw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc8dbf8011d-ORD
expires
Sat, 13 Apr 2024 10:03:40 GMT
dlm-xhr.min.js
www.cpomagazine.com/wp-content/plugins/download-monitor/assets/js/
9 KB
3 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/plugins/download-monitor/assets/js/dlm-xhr.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
839339c99427edaff464c1f8ba1f1db3eb2521556ee946efae0912eed183fe9b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Tue, 07 Mar 2023 04:46:29 GMT
server
cloudflare
etag
W/"6406c1a5-2502"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wSl4XAM6AQhz2r0RNnD7JndxiYuNMFgW8ykOI6tciRZdZUHHit%2BFxv5%2FAPaE8j1gm96PIIih4m%2FZ89Vumdl%2BT1Y%2Ft%2B7%2BDEfI95pfQndrKG4gie9d4dpiaqw98IJq4W2XzcQqvhNSDpkuz3Cmub6p49c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c35011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
741.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/96/public/assets/js/
2 KB
932 B
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/96/public/assets/js/741.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68a84433a9939762eaac536834e7e8c2470d867a6108cf1022831b8509d55caf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45545
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-6cb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1HyXfbca%2BSb11urMMDhJhiGmRj2D3Cxxe1sSWeUDJuT5ucHqO9Ca77HdUpMkEddoPQfw4rtCiQ27Vf1KLeoI9%2BjUaiZWzjFf4%2Bkvw9yf0EnsmCbRkP8WBGz%2BZ7%2Bvbqpr1Wth9febGhxy5%2F9%2B2E2%2BJU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c37011d-ORD
expires
Sat, 13 Apr 2024 10:03:39 GMT
site_tracking.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/plugins/activecampaign-subscription-forms/
1 KB
911 B
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/plugins/activecampaign-subscription-forms/site_tracking.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0f8d4dd8c611e6091bbffa6bd39c444683fc1238bb08c3845ab4bdeab39045b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45545
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-501"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFef%2FIJAV2CaZ73ZMQZT%2F9QKQrZQq6Z1Bn8ta70rtcwfL9GjAnOIjaRlboUAhM78aP%2BS92sZD5tAXxOKTdbrom%2BCeHJ%2BHQNnZ1dRvNZJK9VNhqt0ir8nuCptXZglCesJYExocS0QteMEywRHfvbdsuE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c39011d-ORD
expires
Sat, 13 Apr 2024 10:03:39 GMT
embed.php
cpomagazine.activehosted.com/f/
0
0

embed.php
cpomagazine.activehosted.com/f/
0
0

js
www.googletagmanager.com/gtag/
112 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-97159346-1
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2008 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4d5f17b22ca098e09b7fb3b05f39d37fcddc663221163957a637568c33877c40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44619
x-xss-protection
0
last-modified
Sat, 15 Apr 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 15 Apr 2023 00:36:07 GMT
250.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/214/664/901/
1 KB
880 B
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/214/664/901/250.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
174efc6b44234bcde6f9d45112517b9dd7fb66ba4e0f66bc4511986dd4fa1cfd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
40679
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-474"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WitmAvURMJGSEBzi2QCNyWBwAEbKXEHn4tnuazJACiDUvFUoy4FFAyNNd12TgB6%2FrjE1hmbGmMGbmhXX%2F%2Fn40cHCBplDVMdR%2FYtSrgXUtsZuqydpFV1WiajotHbs55wtz8sktWWPDF6XlFjAOJhIaOw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c3b011d-ORD
expires
Sat, 13 Apr 2024 10:03:38 GMT
787.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/696/public/assets/js/
7 KB
3 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/696/public/assets/js/787.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d69652a1a136d57fe58fbbbd117f3c0fbc30bd7ec763edc1e3fa19281b719a7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
40679
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-1c66"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KbDDEUr8G%2F6ueioScccbZaVoiwnhmiIfix2J6cxD9Di5Z3015L69k9x0PU9%2FGwOnpuCN%2BCt6IglA3CYCcyHbfNYnvqTs7aS8sz8lSjDvOtIxnv2JMrfiGniE9NRfJ1ll3oPBG5LmocmHCRc9KXJhE7s%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c3c011d-ORD
expires
Sat, 13 Apr 2024 10:03:37 GMT
picturefill.min.js
www.cpomagazine.com/wp-content/plugins/wp-retina-2x/app/
12 KB
5 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/plugins/wp-retina-2x/app/picturefill.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22c29473716ed14198adc9db4ea074c19b2bce1caba9d7075b5a35777f902dcd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073270
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Sat, 18 Feb 2023 08:04:02 GMT
server
cloudflare
etag
W/"63f08672-2e37"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XptJ1z8dzpwsw6vGJ5aw2dRDNrtJf8dH70OCk%2F8MNje2DjcasNbdFMBb0Bg4ge%2BNXn6BnsTtbdF6SVI61kx6xM4EPl25VEfkptWZnyJ1KgU3NwImxkezL5Xe%2F4YSha9f5Wi0Fgd3PaYiWO3yIpJVE1o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c3e011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
novashare.min.js
www.cpomagazine.com/wp-content/plugins/novashare/js/
1 KB
895 B
Script
General
Full URL
https://www.cpomagazine.com/wp-content/plugins/novashare/js/novashare.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
caf2af138de3512090bf47c5309525803cc96404eeddf175539df19c6bca305b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2077498
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Sat, 18 Feb 2023 08:04:01 GMT
server
cloudflare
etag
W/"63f08671-47f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WN%2B1o8WggVr7vLa8lfrzMgPBVKSipiDBgaKTKSQOn44V53Ou34khCMwhZA2Fe9N8cf%2BPnObi%2BedCYFLWJiFXBF%2BXK7m81OMO%2B7mk%2BbNclVp7mDia3dCKoJ7wN8Tkes4w6K4h1FlHnqJS5Y1StNICEpE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c3f011d-ORD
expires
Sat, 09 Mar 2024 10:41:01 GMT
cyberpress-public.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/plugins/cyberpress-integration/public/js/
35 B
367 B
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/plugins/cyberpress-integration/public/js/cyberpress-public.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b64069e2e14b684ebb6b7a678932d155c9c7627f8638a89bc8e144224d1145ee
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
40679
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-23"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYkE9yf%2FumO1ND04H%2FWGaE5G5ryG%2Bkf4g9bQi1AT5Cy5dX%2BstBF0QQObXBItfsjGt5OhLjsVr6EI57zE0oogN%2FP0V7c9yG4p2UMSgN4IMwmmEtMNox7ILD%2Fc6wFn9Xzs3vpPWKlCndsQg0mQYs706Kg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c40011d-ORD
expires
Sat, 13 Apr 2024 10:03:37 GMT
jquery.min.js
www.cpomagazine.com/wp-includes/js/jquery/
88 KB
32 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-includes/js/jquery/jquery.min.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073269
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Sat, 05 Nov 2022 08:23:59 GMT
server
cloudflare
etag
W/"63661d9f-15e54"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPBn35%2BoAWZA5skM4xi6JGlxRoaaqfH5cc8zJa6N4%2FcXYUk2ejOR6DBu44RQinxMwyx8%2FmzZLaUmJK%2B9TDfJmWYiZca1XH0qzjVWREXu3NDVm0rzTSCC%2BRL%2BtOTfEhTGfMYzkwsEI%2F7bDt5Hj2RoEX4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cc90c42011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
analytics.js
www.cpomagazine.com/wp-content/plugins/perfmatters/js/
49 KB
21 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/plugins/perfmatters/js/analytics.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3073269
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 10 Mar 2023 02:30:03 GMT
server
cloudflare
etag
W/"640a962b-c43a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eDMmm1A%2BojGNUZPnyEaHpSytKX%2BC%2F%2FXzKDf%2BeuboGA8Zy1nX29d7UHkQ9159eRBIDx4REYFjziiFdtVB01bZD0VqmX4fI%2Bgd2FsLIbV4sGjdgaxAgajeeRu3GpEAwphUvfMl09Qm6uPAs1EUCB2WzAs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801cca0e0b011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
choice.js
cmp.quantcast.com/choice/Cq2edGTW7tcfR/www.cpomagazine.com/
4 KB
2 KB
Script
General
Full URL
https://cmp.quantcast.com/choice/Cq2edGTW7tcfR/www.cpomagazine.com/choice.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ee:2a00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f38633352e23b2f65f1e39604fd478b07df48171bec9ddaf3c7485ff3f265a6b

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
br
via
1.1 685fd458a839bc725280d7e9380648c6.cloudfront.net (CloudFront)
last-modified
Sun, 08 Jan 2023 14:42:36 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C2
x-amz-server-side-encryption
AES256
etag
W/"c4adb4a6461e4ed2a3418156fe0c9bc6"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-amz-cf-id
E2gh8AyrOAo1AUziYnf2xEb8jSGlrORAUW81-ayrJ2ydMu5ro1FxsQ==
xdomain_cookie.html
monu.delivery/assets/scripts/vendors/xdomain/1.0.8a/ Frame 3C68
3 KB
2 KB
Document
General
Full URL
https://monu.delivery/assets/scripts/vendors/xdomain/1.0.8a/xdomain_cookie.html
Requested by
Host: monu.delivery
URL: https://monu.delivery/assets/scripts/vendors/xdomain/1.0.8a/xdomain_cookie.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:3c03:1::2d4f:f6e2 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
Software
nginx /
Resource Hash
2164ccda35ef9f1994988c3854e7941905fffa2b6edf0a2f32826ada9b4c3ed0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
0
cache-control
max-age=31104000 public
connection
close
content-encoding
gzip
content-type
text/html
date
Sat, 15 Apr 2023 00:36:07 GMT
expires
Tue, 09 Apr 2024 00:36:07 GMT
last-modified
Tue, 25 Aug 2020 07:36:09 GMT
server
nginx
transfer-encoding
chunked
vary
Accept-Encoding
x-cache
HIT
x-goog-generation
1598340969597109
x-goog-hash
crc32c=84qDrg== md5=UK93eCDb5GkYdLDTqpa2gw==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
3440
x-guploader-uploadid
ADPycdu4MMvXoxwrKodgLsTT6OSlOD5lq_Thnhc915geV7N-2kTK2PethdoP4PR0b5em0MzFdlLvEzfFiFK62fPjlRI-ToxR6UTV
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-97159346-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 15 Apr 2023 00:05:12 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1855
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Sat, 15 Apr 2023 02:05:12 GMT
js
www.googletagmanager.com/gtag/
234 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2VBFSSXERW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-97159346-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2008 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b06c733c6e6308df88efac97ab776bdaa9a03553752d78ad897acb04a048f3f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81997
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 15 Apr 2023 00:36:07 GMT
collect
www.google-analytics.com/j/
4 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=882669968&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ul=en-us&de=UTF-8&dt=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1588717413&gjid=1960610877&cid=557382840.1681518967&tid=UA-97159346-1&_gid=1576265047.1681518967&_r=1&_slc=1&z=1696556762
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/plugins/perfmatters/js/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
69 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&aip=1&a=882669968&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ul=en-us&de=UTF-8&dt=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACUABBAAAACAAI~&jid=1024644126&gjid=769885161&cid=557382840.1681518967&tid=UA-97159346-1&_gid=1576265047.1681518967&_r=1&gtm=457e34c0&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=1244105072
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/plugins/perfmatters/js/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
embed.php
cpomagazine.activehosted.com/f/
28 KB
7 KB
Script
General
Full URL
https://cpomagazine.activehosted.com/f/embed.php?static=0&id=1&6439CD050DC5A&nostyles=0&preview=0
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:586d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
385abfd40861f4219e6f965f9ebafe0f1323ed7ed2a5fd00c95215999f7b7f8c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
MISS
last-modified
Sat, 15 Apr 2023 00:36:07 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
public, max-age=14400
cf-ray
7b801ccacf7c29fa-ORD
x-request-id
ada00b62fbcc5775fe0aa9b4e2a0f449
expires
Sat, 15 Apr 2023 04:36:07 GMT
collect
analytics.google.com/g/
0
257 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-2VBFSSXERW&gtm=45je34c0&_p=882669968&_gaz=1&gdid=dZTNiMT&cid=557382840.1681518967&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1681518967&sct=1&seg=0&dl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&dt=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VBFSSXERW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
248 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2VBFSSXERW&cid=557382840.1681518967&gtm=45je34c0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VBFSSXERW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
148 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-97159346-1&cid=557382840.1681518967&jid=1588717413&gjid=1960610877&_gid=1576265047.1681518967&_u=IEBAAEAAAAAAACAAI~&z=1445104888
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/plugins/perfmatters/js/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 15 Apr 2023 00:36:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
67 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-97159346-1&cid=557382840.1681518967&jid=1024644126&gjid=769885161&_gid=1576265047.1681518967&_u=YGDACUABBAAAACAAI~&z=691672179
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/plugins/perfmatters/js/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9a Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 15 Apr 2023 00:36:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-1024x587.jpg
www.cpomagazine.com/wp-content/uploads/2023/04/
72 KB
72 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/04/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-1024x587.jpg
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
792a5dff1eec6a0e4db2168bab33f4f46b2208de5f9a5b9ebbd631ccd1ff3674
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
73702
last-modified
Fri, 14 Apr 2023 07:47:53 GMT
server
cloudflare
etag
"64390529-11fe6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nvrgefe8GrItK6AezW8%2Bpk8RPfXLog3d8172%2BJU69U8qPUdTckBwqxZm2nOOmbyMego0fl3df6CygtWhp3yS0gNWs%2BUVagRVs7YErLgNvv4JJQ9yBg4UeKOR9oLI9eTdogNb6abLtYIWNacl6ikrAbE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccbe89a011d-ORD
expires
Sat, 13 Apr 2024 07:50:21 GMT
logo_black_90.svg
www.cpomagazine.com/wp-content/uploads/2020/07/
2 KB
1 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2020/07/logo_black_90.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a829d1fe9d7d1ba15c67371e60bbb7a139229c27458d007244c2a3c7d02c731c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2080165
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Thu, 16 Jul 2020 07:48:29 GMT
server
cloudflare
etag
W/"5f10064d-737"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fO8dt37dLVY2GVNYLkLolivEIEfvpTEQyr1uX5PRfY8VNyDzJ2LMx3L8%2BfaJ924tVyiiqP1aGIUp%2FQXgAmNFpv%2FGTp1DZhlDJsLxR%2F2ccs0TjxpC1nXW8fLTvvytUIVO0Mk8%2FO9tAZctz7wKzMk5noA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=31536000
cf-ray
7b801ccbe8a1011d-ORD
expires
Sat, 09 Mar 2024 10:41:00 GMT
g78-50x50.jpg
www.cpomagazine.com/wp-content/uploads/2020/01/
976 B
1 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2020/01/g78-50x50.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
370b78312c0815efac0ec918d5522611c57d23b7f839fdd4fa8a1c6996f47e4f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
274907
cf-polished
qual=85, origFmt=jpeg, origSize=1645
x-proxy-cache-info
DT:1
content-disposition
inline; filename="g78-50x50.webp"
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
976
cf-bgj
imgq:85,h2pri
last-modified
Sun, 05 Jan 2020 13:16:05 GMT
server
cloudflare
etag
"5e11e195-66d"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDAA7grriFCqHiKHCjIW4jCS1sYJptNNTGpSEGZa0jU41GbINIz7wwJDxlb3ZY3AhwlNY3qZbmfLB5%2FVP6YAMex3yYA2Qc25oX7ls87iFVh9DfeJd%2F%2BhoymH6FcanNinYZuE1h6b5w%2BX9F7Eefn5KpY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccbe8a3011d-ORD
expires
Fri, 05 Apr 2024 16:56:28 GMT
suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-100x100.jpg
www.cpomagazine.com/wp-content/uploads/2023/04/
2 KB
3 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/04/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-100x100.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f8ab520893c3b3ff5e8e9dc11b14a37f5472ba9ca56a4f9784757bdc1ed6c5e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
qual=85, origFmt=jpeg, origSize=2902
x-proxy-cache-info
DT:1
content-disposition
inline; filename="suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware_1500-100x100.webp"
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
2558
cf-bgj
imgq:85,h2pri
last-modified
Fri, 14 Apr 2023 07:49:02 GMT
server
cloudflare
etag
"6439056e-b56"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GXwgIXzPmNoJH44hfl%2BT8Ux8OfJoBFkZ45J8OxiQxdlsbbdMLFmc6ECkKDNOolNf3JVB2NoMF8jPaLUKwWdqHwY3GXIR2AyENFr8BgmMElMHWO7l%2BA%2FvVPe3wCcGY0g21cvaCx9DKu%2FiGlk8UIfiJs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccbe8a4011d-ORD
expires
Sat, 13 Apr 2024 22:02:15 GMT
quadream-spyware-on-the-rise-used-to-track-political-opposition-and-journalists_1500-100x100.jpg
www.cpomagazine.com/wp-content/uploads/2023/04/
916 B
1 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/04/quadream-spyware-on-the-rise-used-to-track-political-opposition-and-journalists_1500-100x100.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5349a1cb507f89c1e88f41b3790db900668bf5c375ac44165242cee5060e86dd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
9265
cf-polished
qual=85, origFmt=jpeg, origSize=1460
x-proxy-cache-info
DT:1
content-disposition
inline; filename="quadream-spyware-on-the-rise-used-to-track-political-opposition-and-journalists_1500-100x100.webp"
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
916
cf-bgj
imgq:85,h2pri
last-modified
Fri, 14 Apr 2023 07:27:56 GMT
server
cloudflare
etag
"6439007c-5b4"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCxm1A0k1KsTMuodVuHQUziSv7SE%2F4TO1Lrnwq8Q5NbS5hjIcUX1SRMuMB3B4MvS8KKAST6VPbDE%2FjEerB68hMFui7UeCNk5y470wGMyL%2B3P%2B4xKExbxjxhY9HMa6Ibka%2BFSv4KsQmDktwtPcsKh7BU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccbe8a5011d-ORD
expires
Sat, 13 Apr 2024 16:01:21 GMT
revolutionize-board-engagement-with-cyber-risk-quantification_1500-100x100.jpg
www.cpomagazine.com/wp-content/uploads/2023/04/
4 KB
4 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/04/revolutionize-board-engagement-with-cyber-risk-quantification_1500-100x100.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a19c50bfe787f159e850f6ca6f289295e5f314f755c0714ab75db6903e9f546c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39024
cf-polished
qual=85, origFmt=jpeg, origSize=3982
x-proxy-cache-info
DT:1
content-disposition
inline; filename="revolutionize-board-engagement-with-cyber-risk-quantification_1500-100x100.webp"
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
3746
cf-bgj
imgq:85,h2pri
last-modified
Sun, 09 Apr 2023 01:53:02 GMT
server
cloudflare
etag
"64321a7e-f8e"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=02MblDe2hOIVULIrjCjYITcUes08TMqD8nuv%2BZFYJWuNtfffntYA%2BTsdKR4v28IU%2BIP9wu%2FWi9ajxkCyeB8qqt9mFLa0%2FR1eQ7%2BlbBLjigPBQ5MzFA7TzB3OwAG2e0TyvyxJerLaZ5e%2B8BE%2Fj%2FsViec%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccbe8a7011d-ORD
expires
Sat, 13 Apr 2024 11:00:49 GMT
samsung-employees-fed-sensitive-data-to-chatgpt-while-using-it-to-check-code-create-presentations_1500-100x100.jpg
www.cpomagazine.com/wp-content/uploads/2023/04/
1 KB
2 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/04/samsung-employees-fed-sensitive-data-to-chatgpt-while-using-it-to-check-code-create-presentations_1500-100x100.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b8bd527d2f3767ea3f61834cefe64ab3c7898407d6f6aa35f1339bcceebe5f4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39960
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
1200
last-modified
Thu, 13 Apr 2023 09:31:17 GMT
server
cloudflare
etag
"6437cbe5-4b0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJ75rqQcotlYTkxmiFoZnSzNWaLL18YE%2BUV3cVIV1t7tCx6AM28z4RZ7s5%2FOzVkV5DiicPXn4akpUhiSfi2%2Bo2w%2F63wIB9Jp3X2UKW6piomWZLFS2Ef%2Fv%2B0qcKr2OXtmBUnrMhVd0K8frIICXHcJvZo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccbe8a8011d-ORD
expires
Fri, 12 Apr 2024 22:00:31 GMT
quant.js
secure.quantserve.com/
22 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/choice/Cq2edGTW7tcfR/www.cpomagazine.com/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:a021:b886:81cc:55cf , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
gzip
etag
"DUHyBE1e2vdA+NAhXV6BXg=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Sat, 22 Apr 2023 00:36:07 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/
178 KB
43 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.cpomagazine.com
Requested by
Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/choice/Cq2edGTW7tcfR/www.cpomagazine.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24d6:f000:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
253dbb7cdf8b323dd7701b955a3557228e07163d34c34a09844928005b2107dd

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 23:38:10 GMT
content-encoding
br
via
1.1 7d38f3897cdb444e56484e816dfbc442.cloudfront.net (CloudFront)
x-amz-cf-pop
ATL58-P2
age
3478
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
last-modified
Wed, 05 Apr 2023 15:47:13 GMT
server
AmazonS3
etag
W/"44b9dae010477f4d1d41d5d25cbbc7af"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=3600
vary
Accept-Encoding
x-amz-cf-id
epruojxEfLzcK4ipmlon2IFuzJdFZuiRybvWSJpX9JuIeQ7oAIr7xw==
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lato&family=Montserrat&family=Roboto&family=IBM+Plex+Sans:wght@400;600&display=swap
Requested by
Host: cpomagazine.activehosted.com
URL: https://cpomagazine.activehosted.com/f/embed.php?static=0&id=1&6439CD050DC5A&nostyles=0&preview=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
40b8859bec2da6a6edb67e47760cab3cd1391af35a0039a5d720a17388dfc2af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 14 Apr 2023 22:48:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 15 Apr 2023 00:36:07 GMT
intlTelInput.min.css
unpkg.com/intl-tel-input@17.0.18/build/css/
19 KB
3 KB
Stylesheet
General
Full URL
https://unpkg.com/intl-tel-input@17.0.18/build/css/intlTelInput.min.css
Requested by
Host: cpomagazine.activehosted.com
URL: https://cpomagazine.activehosted.com/f/embed.php?static=0&id=1&6439CD050DC5A&nostyles=0&preview=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6956e8710cf477f7014440385ae16ee4b8cc7ecfd02fddd4d2f0c6c7fd15845
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
20845279
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01GAKXV0SAB3PHPSC0WPDMFJPQ-chi
server
cloudflare
etag
W/"4ad5-/7iiVjPE3eq4HRsXQqwv0LRCpMY"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7b801cccae80024e-ORD
embed.php
cpomagazine.activehosted.com/f/
28 KB
7 KB
Script
General
Full URL
https://cpomagazine.activehosted.com/f/embed.php?static=0&id=1&6439CD050E048&nostyles=0&preview=0
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:586d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12389cbf93a4648b9def8381af8406865ccc4795de543bb3fc6433e334a75ac6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
HIT
last-modified
Sat, 15 Apr 2023 00:36:07 GMT
server
cloudflare
age
0
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
public, max-age=14400
cf-ray
7b801ccc495d29fa-ORD
x-request-id
f8f0aa1d8f7e2624273859e24cdef69f
expires
Sat, 15 Apr 2023 04:36:07 GMT
rules-p-Cq2edGTW7tcfR.js
rules.quantcount.com/
160 B
642 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-Cq2edGTW7tcfR.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:7000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cbc38667cc862f0f6d5062d0e070ffb73d4d0fd35b04f9f51809fce0ec6b3dbf

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
via
1.1 02f97f00ddc8019c5a1aecbfc33dfaf2.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
age
457
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Thu, 13 Oct 2022 16:25:04 GMT
server
AmazonS3
etag
"1e794aec18d8d0489aef8865d8ed8957"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
LIKt7xWT_f_KZTK4o5k5RmYPf5Baqfac2szK6czj-bE4kNBeMNBn4A==
invisible.js
www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5dc70eb9/ Frame 3E45
Redirect Chain
  • https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1681516800
  • https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5dc70eb9/invisible.js?ts=1681516800
28 KB
12 KB
Script
General
Full URL
https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/5dc70eb9/invisible.js?ts=1681516800
Protocol
H2
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2e76f96c1aea767f75c924a169b75cff1990b57e0fd5d78c9146e0a798c7407
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCYg%2FeWO5xk3oRP3FXXTN4ZSZ3J1OajK0wI6rH9ima5TDCM9s1thTBQycSQF5aql5vYgEv%2FyncFhREIehqM%2BgQybM9GaWAXPHdYsHJmI29ViVlQwr%2FAexAW0QR2U5FL6bjiwbTIsa8wQIfMBkmrWQvE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
7b801ccdeba5011d-ORD

Redirect headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nj4qdTqYIMcRc1htWRFgKdS2cr1hIcEUwr88kKu0cdHEchSwGlNtuuMhwuFAlPZOOqBa3uoQUuZeQJKbH37rp5p%2Fh8mIbMdcfJ45nBG2CZGWTv1OAXZ6EsApXc0NIYBx7MLijaVNQBPyulAsTMUzLgk%3D"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/5dc70eb9/invisible.js?ts=1681516800
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
7b801ccd5a8f011d-ORD
064762-e29f-4335-ac37-b358a1f27bc2.js
monu.delivery/sitesplit/d3/0.4.5/5/1/
597 KB
147 KB
Script
General
Full URL
https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:3c03:1::2d4f:f6e2 Cedar Knolls, United States, ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG),
Reverse DNS
Software
nginx /
Resource Hash
cf465519d2bf8affe1ddc2a19603047d26b817f73588c11e05f930c3f8ae540e

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ADPycduvBlXOAa5jriiftAGQ0aGIs0BdyykNJswLuoj5P6FeOuIIsBGev-OE8-vBkT3ZPU5jP2gLDe5muj0MaEFqmXK0mA
transfer-encoding
chunked
x-cache
MISS
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
connection
close
server
nginx
vary
Accept-Encoding
x-goog-generation
1680629571959291
content-type
application/javascript
x-goog-hash
crc32c=0NwA8g==, md5=I0WSFfD/74KXjyGCb103Vg==
cache-control
max-age=7200
x-goog-stored-content-length
610945
expires
Sat, 15 Apr 2023 02:36:08 GMT
tipi.woff2
www.cpomagazine.com/wp-content/themes/zeen/assets/css/tipi/
16 KB
17 KB
Font
General
Full URL
https://www.cpomagazine.com/wp-content/themes/zeen/assets/css/tipi/tipi.woff2?9oa0lg
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/cc97d035a8a11b3d786eb40fd8e4b681.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59ca72acaa7d5ef558ef3fa5da394fee9c98484b36497cb6a9fe857db8c648e9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cpomagazine.com/wp-content/cache/min/1/cc97d035a8a11b3d786eb40fd8e4b681.css
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2080166
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
16684
last-modified
Thu, 31 Mar 2022 03:00:55 GMT
server
cloudflare
etag
"62451967-412c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TE3KzhE3uOAxniVsip5p3BS6Ei321OnN5XeSqDLaUNZSgDtQj0xP0%2FgR03nEPpZuB4ab6cAEjdhzGBGP%2FMboQus9K%2FZsFgf%2ByfBXfI93y9umRqfDv4k9tesD6tTtOgwaSNBVsxinCGF425QvxXo4RMc%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801ccd7afb011d-ORD
expires
Sat, 09 Mar 2024 10:40:59 GMT
mmt.gif
imps.monu.delivery/
37 B
533 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=p.l&u=51064762-e29f-4335-ac37-b358a1f27bc2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342642
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato&family=Montserrat&family=Roboto&family=IBM+Plex+Sans:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 10:31:37 GMT
x-content-type-options
nosniff
age
309871
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Apr 2024 10:31:37 GMT
rum
www.cpomagazine.com/cdn-cgi/
0
162 B
XHR
General
Full URL
https://www.cpomagazine.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v2b4487d741ca48dcbadcaf954e159fc61680799950996
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
content-type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7b801ccdbb56011d-ORD
pica.js
www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 3E45
6 KB
3 KB
Other
General
Full URL
https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48e75093a4b39cba4cef328e0909d8c2e02d6a72b246b47132a4329ad0986dfe
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RO2m33UMVV3antq9Ho0EzKSL2eTrKc3Gg6ArB9enMhF50fpFfDEKCoTzVpBDy7PSexqgxI2gmBcEbQ1cbtahXDx7Kn7ivoQfBmxfQV6ceB3nJkg%2FyyhLhcVgRdOyt4%2BAwxcWRC7Y4Bau3p64kEN14Ps%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
7b801cce3c1d011d-ORD
7b801cc44d21011d
www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 3E45
2 B
544 B
XHR
General
Full URL
https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/cv/result/7b801cc44d21011d
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1681516800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9sDN2VCWoY%2BTD%2F4mxJY33BokLznQq5lsXx9aboDs54rFFBpHDDDPfmdlR87vyVg2XG22PrYbRbfZHcSryx8iTRE29zOyzzsVmNvNh9sSPL08PqC3m6DlGhSiTHBUL9nXvv1fPbdwGdoHgO0XqcNecw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7b801cd1a99d011d-ORD
geoip
apis.cmp.quantcast.com/
53 B
174 B
XHR
General
Full URL
https://apis.cmp.quantcast.com/geoip
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.cpomagazine.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.74.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-74-88.compute-1.amazonaws.com
Software
/
Resource Hash
4269abba537698a6c9c5b33eb352ec4e64a3d5e5895fbd396729e0fec3056479

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:08 GMT
content-type
application/json; charset=utf-8
content-length
53
x-geo-ip-version
1.2
config.js
cdn.confiant-integrations.net/OOh3bTrtb2nHyOwGk2LTO5SWo54/gpt_and_prebid/
131 KB
30 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/OOh3bTrtb2nHyOwGk2LTO5SWo54/gpt_and_prebid/config.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:99f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a34c66357c23203a8f6fef28b03e31086f44e93e94a673eb593168a84db41159

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 15 Apr 2023 00:33:03 GMT
server
cloudflare
x-amz-request-id
3N09KQEDTCFEX2NG
age
15
etag
W/"d29394e28bbc3c9cf2f2bd26d284fb7e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
7b801cd24ac92316-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
8pP2a6M44WDNrCksc4zK8A6mwaVACkBS0HTKVv+BaagK4C4NRl505Ohm7wyISilYtAv5OiGY+cg=
gpt.js
securepubads.g.doubleclick.net/tag/js/
77 KB
26 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
55aec25b8532f1669f97fe08f3729ee008a23d30c183a4336191ef7b6f8c3f75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25666
x-xss-protection
0
server
cafe
etag
135 / 19462 / 31073843 / config-hash: 11787412583201714567
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:08 GMT
apstag.js
c.amazon-adsystem.com/aax2/
225 KB
55 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.23.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-23-84.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2160bf35e174c6e88e61594fa3faf5a0e22b7e5a0ee48626e5d19ffff5eedd10

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:20:26 GMT
content-encoding
gzip
via
1.1 534fd2eebbd6707fdf4614c97949ccac.cloudfront.net (CloudFront), 1.1 68794724cce9f2f9839810e506581c8c.cloudfront.net (CloudFront)
last-modified
Thu, 13 Apr 2023 17:39:08 GMT
server
AmazonS3
x-amz-cf-pop
PHL50-C1, BOS50-P1
age
943
x-amz-server-side-encryption
AES256
etag
W/"54663e0c2b9d1aaa11742b20e2e6970b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
Qvh7r5pSZbZP8hewdtzNIwa2MnD8T02V_v-foTonmlpCirmi8sqj_A==
tag.min.js
get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/
34 KB
11 KB
Script
General
Full URL
https://get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/tag.min.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.4.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-4-31.atl58.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e2cd2838d9537e8b405992bfa4ef5ddd9ab98461eec351ff661d7b9d475839dd

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-amz-version-id
1jhMJLDfRS0M5xXrIqyfpVToZqqa5Wvn
content-encoding
gzip
via
1.1 fdf00b190a061de7e2517d80e4d54e0e.cloudfront.net (CloudFront)
date
Fri, 14 Apr 2023 14:22:17 GMT
last-modified
Thu, 23 Mar 2023 13:59:06 GMT
server
AmazonS3
x-amz-cf-pop
ATL58-P1
age
36832
x-amz-server-side-encryption
AES256
etag
W/"01e9bcb0a0243d190a7c07184514abea"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
VYKuBXVNWxhLg_RxxQUnMN9xa9xcoKYz9-jAT2f_VHtGVyFF4cZxPA==
182762-63174106385307.js
js-sec.indexww.com/ht/p/
37 KB
13 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/p/182762-63174106385307.js
Requested by
Host: monu.delivery
URL: https://monu.delivery/site/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.11.47 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
802a3b18272fce86b7ae5e349963873801db2a682c542ba2a78b673f295ff5e2

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Sat, 15 Apr 2023 00:20:14 GMT
server
cloudflare
age
810
etag
W/"9022bd-930a-5f954ebf37397"
vary
Accept-Encoding
content-type
text/javascript
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=14400
cf-ray
7b801cd2bb1d1145-ORD
expires
Sat, 15 Apr 2023 04:36:08 GMT
geoip
apis.cmp.quantcast.com/
53 B
173 B
XHR
General
Full URL
https://apis.cmp.quantcast.com/geoip
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.cpomagazine.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.74.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-74-88.compute-1.amazonaws.com
Software
/
Resource Hash
4269abba537698a6c9c5b33eb352ec4e64a3d5e5895fbd396729e0fec3056479

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:08 GMT
content-type
application/json; charset=utf-8
content-length
53
x-geo-ip-version
1.2
geoip
apis.cmp.quantcast.com/
53 B
173 B
XHR
General
Full URL
https://apis.cmp.quantcast.com/geoip
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.cpomagazine.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.74.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-74-88.compute-1.amazonaws.com
Software
/
Resource Hash
4269abba537698a6c9c5b33eb352ec4e64a3d5e5895fbd396729e0fec3056479

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:08 GMT
content-type
application/json; charset=utf-8
content-length
53
x-geo-ip-version
1.2
pbjs
api.id5-sync.com/analytics/1013/
70 B
439 B
XHR
General
Full URL
https://api.id5-sync.com/analytics/1013/pbjs
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
ba8451f39b0887dfff955335e5bf9007d350bf5c2d9f5ef697e07275ecbc331a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:08 GMT
cache-control
max-age=300, public
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:08 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:08 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:08 GMT
server
ATS/9.1.10.25
v2
e.serverbid.com/api/
16 B
393 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
bidRequest
c2shb.pubgw.yahoo.com/
66 B
285 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
c5a303f5ac4be05981e37d301ed8f080805d2f2529bc7c38fbd2f7f45aca51a8

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
514 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
d6d47737737a16bde4063bae0ebfac9f8f99ed096cb22f031e6f1f2cb4946e3a

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
285 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
2661bf324476669dbaf675b5345a83d9b3fe63d1dbdac68a15e9fec61190e829

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
prebid
prebid.media.net/rtb/
16 KB
8 KB
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
eafac78ab498f8af409e9d214c00ebc9e46fc5f5e06a7beb428e3297522954cd

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:08 GMT
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
977 B
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:09 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
v1
hb-api.omnitagjs.com/hb-api/prebid/
535 B
995 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
f6dc5d8da13b8d2cb94dbedc5ab67a55c7b0f02c989eb323839fab4c4c8ce912
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
179
content-length
535
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
pbjs
htlb.casalemedia.com/openrtb/
37 B
570 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=242369
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d49b7449aa58f66cee9a17e172cec2a0118bfaa380db2290d1aff39c450343d5

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:08 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m1Lk%2BgG2wMDL5LwycoFif9ikjcda8kGvrQFYw3h66UYPtvBblGKysadwIyA%2BER9XHIwfiY6WeXMc2qnAqDGwbUpLyB1den%2BldrKmlOWzExo4RGc%2FtmINPbjkyGeHqA8cXQ3PYXhp"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801cd31d01232d-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
prebid
ib.adnxs.com/ut/v3/
19 B
827 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:08 GMT
AN-X-Request-Uuid
d3a0172a-232d-4238-9b50-0512dbf8bc5a
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c
prebid.a-mo.net/a/
584 B
867 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
b19d9fa78774aa8220f33e0679de11de57cfd936c2ea076e6812957016011007

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:07 GMT
content-encoding
gzip
server
envoy
vary
origin, accept-encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
content-length
301
imp
g2.gumgum.com/hbid/
565 B
1 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518968725&to=0&aun=mmt-1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4&maxw=300&maxh=600&si=222944&pi=3&bf=300x250%2C160x600%2C300x600&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C6dfc5195-44c0-48b7-9786-74e7f1c222b9%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
3296d5f37229e0c0085a608e930bdac6353b9546c49a47781a77d539ca132d2e

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
565 B
1 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518968725&to=0&aun=mmt-1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C160x600%2C300x600&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C6dfc5195-44c0-48b7-9786-74e7f1c222b9%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c6f945153fee8bc5ec7f1190559f4176b17be67625bfad61ea1408da5fff7eb8

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
565 B
1 KB
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518968725&to=0&aun=mmt-1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C160x600%2C300x600&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C6dfc5195-44c0-48b7-9786-74e7f1c222b9%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e88a629625029f3654952ce4f62b2dce0e23699728a5ac9d4e847956cbba57b8

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
translator
hbopenbid.pubmatic.com/
0
119 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:07 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
trinity.json
apex.go.sonobi.com/
862 B
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%223589e6271a68709%22%3A%22177369c437c672237248%7C300x250%2C160x600%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4%2Cc%3Dd%2C%22%2C%2236b3f3bc4c1d6ed%22%3A%22dcc4cd9596e80d497120%7C300x250%2C160x600%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4%2Cc%3Dd%2C%22%2C%22375fff22cbd5497%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C160x600%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=41305537-68d8-4f8a-b3a6-6282449d6481&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%226dfc5195-44c0-48b7-9786-74e7f1c222b9%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
6c87b40001d1d1ee933c62308fd150bf3c1b7c38801f82ee9aa15e3b06892245
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:08 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
502
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
528 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=9%2C10&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,6dfc5195-44c0-48b7-9786-74e7f1c222b9,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4&tk_flint=pbjs_lite_v7.34.0&x_source.tid=502c516f-a347-455d-9b76-f8b88e00b5b7&l_pb_bid_id=3947cc8b63afd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4&slots=1&rand=0.9161349483675088
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
b1c076f876b94e2023d470bdccf607aaf563fa33f890fce6d78905a4478d4a49

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
528
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ads.yieldmo.com/exchange/
0
228 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9-ad%22%2C%22callback_id%22%3A%2241c1e71833e4533%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%23sticky-sidebar-4%22%2C%22tid%22%3A%22502c516f-a347-455d-9b76-f8b88e00b5b7%22%2C%22auctionId%22%3A%22f5531a99-b17a-466d-af02-07343fd97cf2%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518968735&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%226dfc5195-44c0-48b7-9786-74e7f1c222b9%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
bid
ap.lijit.com/rtb/
24 B
530 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
429bb4d4c0e60ac7db93ab6fb20a9417658b9a43f61e52f02d1f6dcb7307784e

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:08 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202302281347/
231 KB
71 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202302281347/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/OOh3bTrtb2nHyOwGk2LTO5SWo54/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:99f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9ac13bac7ab829224e6232b3ce729cdee42f28576b7482780e954ba99bd9092

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 28 Feb 2023 18:48:58 GMT
server
cloudflare
x-amz-request-id
RMKENYCVGE3NT2XW
age
3830885
etag
W/"c7c5fc8c5f2964e83a60d38bc1d58640"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7b801cd2db702316-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
H8jSKhJuGwzhZ6blSFAYJyTaZod3GB9u+Pz4poH0D0YnOWyBEiJSJaG5IcpVW87yUm3pdpZWxGQ=
pixel;r=1404415967;source=choice;rf=0;a=p-Cq2edGTW7tcfR;url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-java...
pixel.quantserve.com/
35 B
372 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1404415967;source=choice;rf=0;a=p-Cq2edGTW7tcfR;url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F;uht=2;fpan=1;fpa=P0-1568752817-1681518967824;pbc=;ns=0;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;us_privacy=1---;ref=;d=cpomagazine.com;dst=0;et=1681518967978;tzo=0;ogl=locale.en_US%2Ctype.article%2Ctitle.Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20%2Cdescription.Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20%2Curl.https%3A%2F%2Fwww%252Ecpomagazine%252Ecom%2Fcyber-security%2Fsuspected-chinese-threat-actors-infec%2Csite_name.CPO%20Magazine%2Cimage.https%3A%2F%2Fwww%252Ecpomagazine%252Ecom%2Fwp-content%2Fuploads%2F2023%2F04%2Fsuspected-chinese-threat-%2Cimage%3Awidth.1500%2Cimage%3Aheight.860%2Cimage%3Atype.image%2Fjpeg;ses=4e7d0d00-eaed-4b29-a40b-40a87e58e4ff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:a021:b886:81cc:55cf , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:08 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
rid
match.adsrvr.org/track/
109 B
547 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=182762
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/182762-63174106385307.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
7880baffe2ae82053e2779e29e71c2070392d531d9b56b5ea5d74de367d2ae42

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Mon, 15 May 2023 00:36:08 GMT
identity
api.rlcdn.com/api/
0
282 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/182762-63174106385307.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.155.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.155.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 15 Apr 2023 00:36:08 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
onetag-geo.s-onetag.com/
50 B
462 B
Fetch
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.34.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-34-99.bos50.r.cloudfront.net
Software
/
Resource Hash
851a1aace07f995f5075846e18098478b6fe7c7e921e84747504ceb39f6a94b6

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 22:08:32 GMT
via
1.1 bd5ab138e49a090fd3089313c9c8105c.cloudfront.net (CloudFront), 1.1 6a44a538dfe322d4ba8f26b7c3a708c0.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P4, BOS50-P2
age
8856
x-amzn-requestid
f7719c69-4974-4384-a5e8-07b0a3800faa
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-apigw-id
DY1DDGbliYcF-8w=
content-length
50
x-amz-cf-id
8LaPbz__FzO4hA33H81GLHisQPpKCwpNtrelTibKoLVrnwhEn1CbtQ==
beacon.min.js
signal-beacon.s-onetag.com/
22 KB
7 KB
Script
General
Full URL
https://signal-beacon.s-onetag.com/beacon.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.39.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-39-123.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c37a134e735f9a3dc9916bbed8f5e576f89b9f26537a59544d74004962b1a8ef

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-amz-version-id
h0jfx2_ld0LSppgdK5454e6x8dlC_h3s
content-encoding
gzip
via
1.1 78cc4d359edf91a401bf5898aa1dacc6.cloudfront.net (CloudFront)
date
Fri, 14 Apr 2023 09:24:58 GMT
last-modified
Wed, 01 Mar 2023 12:13:37 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
age
54672
x-amz-server-side-encryption
AES256
etag
W/"fd89ceeda84b55780ed4e8f97b752a7a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
ZFljh6TZlb6b0wWU94-AwPyiNXNJrhc0ye2iJXFR-XNUjwBtaD7ENQ==
%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-java
signal-segments.s-onetag.com/desktop/www.cpomagazine.com/
5 KB
641 B
Fetch
General
Full URL
https://signal-segments.s-onetag.com/desktop/www.cpomagazine.com/%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-java
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.34.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-34-46.bos50.r.cloudfront.net
Software
/
Resource Hash
f31b91a059513fe96baae333fba5e643a41716bc4ad42d6085267eea82aca3ac

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 23:10:17 GMT
content-encoding
gzip
via
1.1 6a44a538dfe322d4ba8f26b7c3a708c0.cloudfront.net (CloudFront)
x-amz-cf-pop
BOS50-P2
age
5152
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amz-cf-id
QqjEqJuiBVNvSeVg39JjNnTRTdvifhW3MbreCwWVVHfSuyMN1KtTMg==
apigw-requestid
DY-GBg2niYcEM8w=
www.cpomagazine.com
signal-segments.s-onetag.com/desktop/
5 KB
642 B
Fetch
General
Full URL
https://signal-segments.s-onetag.com/desktop/www.cpomagazine.com
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.34.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-34-46.bos50.r.cloudfront.net
Software
/
Resource Hash
f31b91a059513fe96baae333fba5e643a41716bc4ad42d6085267eea82aca3ac

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 14:08:19 GMT
content-encoding
gzip
via
1.1 6a44a538dfe322d4ba8f26b7c3a708c0.cloudfront.net (CloudFront)
x-amz-cf-pop
BOS50-P2
age
37670
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amz-cf-id
H9zb7tXJfR3KbPIOmIryVjcaAuipVbUFKMKlDSriaz09Oceas3aeyw==
apigw-requestid
DXutGiQCCYcEJvQ=
config
c.amazon-adsystem.com/cdn/prod/
742 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.cpomagazine.com&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.23.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-23-84.bos50.r.cloudfront.net
Software
Server /
Resource Hash
f514543170b7d33d558d367a0047faf7d003acddeb3857f2cb929d6bfb5af190

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 21:12:20 GMT
via
1.1 68794724cce9f2f9839810e506581c8c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P1
age
12228
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
742
x-amz-cf-id
yHZdh8ZlrqTL-VzZk23FZlxPFpwvH8aan0CBaMiwNpDvgFYtuZe_Kw==
bid
aax.amazon-adsystem.com/e/dtb/
756 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=0&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22160x600%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDT.D%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
b5980b9754e06c4b349a458cdfe27af99d20d6e5da905cf87635f8b6b6659762
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
N9C97JF873451SNP7DZK
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
756
x-amz-cf-id
6IuhZAawrzfkwnvs1Wkgrxe4IA5gj69O1OqYXpgEQzvl-P4X5nRyFw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.23.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-23-84.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-amz-version-id
BeoItWAXLH_Ztd131J1ILFBRpuOxsQkH
content-encoding
gzip
via
1.1 06a5ad95830bfb5005cea8e571236848.cloudfront.net (CloudFront)
date
Sat, 15 Apr 2023 00:36:10 GMT
x-amz-cf-pop
BOS50-P1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Thu, 13 Apr 2023 22:29:11 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
0HCMjHKv-vFcXENw6Fs5s-vPU22CA1S6G8n2MeKqHjo0Cl_iOUudvg==
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/
398 KB
124 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
11e4342c37d88d69519e3d4be0ed9da7c51f1febe2abc7944745fc583b29c3a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 18:38:34 GMT
content-encoding
br
x-content-type-options
nosniff
age
21454
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
126317
x-xss-protection
0
server
cafe
etag
18140124545370589291
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sat, 13 Apr 2024 18:38:34 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
91 B
86 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c16b1459e064c5549b59ce8037572a115bb7e0dd683c84d98a78cba89923ae4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62
x-xss-protection
0
expires
Sat, 15 Apr 2023 00:36:09 GMT
headerstats
as-sec.casalemedia.com/
0
505 B
XHR
General
Full URL
https://as-sec.casalemedia.com/headerstats?s=504384&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/182762-63174106385307.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcDOCNMZzD7P2d8KQHQfD8vm4ZQihU17Ff72Jz%2BOpd8Bj1VpPg4J6%2FQzq%2BAsWOpYEoZe71UsvaoF%2BUu2ftfihao2hOy4DdQXowjCy15oupaUGc3tMXzumR%2BdfqRFozWAyuvEouav9Co%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801cd4b92062fd-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame
0
0
Preflight
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.185.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-185-19.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length
0
date
Sat, 15 Apr 2023 00:36:09 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
id5-api.js
cdn.id5-sync.com/api/1.0/
58 KB
17 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0325b6c9e68ae3f6ec25f6817b4daef364bd99c2ff5f04588fd6f956bf983b97
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Apr 2023 12:00:04 GMT
server
cloudflare
x-amz-request-id
CJ6MYFTZV5HFSTWM
age
1853
etag
W/"b58faeda0c1d193bc50dd25a7640d8ba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
7b801cd4aed310af-ORD
x-amz-id-2
z24f7p6W2rY+ujKKY4shDp8fEtDZN9Ua4SbACPle8MKvhTYs6yv82KBD7evi4aqlZFkZ62BDCoQ=
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/
0
453 B
XHR
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.185.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-185-19.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:09 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
mmt.gif
imps.monu.delivery/
37 B
105 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=b.r&u=1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9&d=%7B%22utm%22%3A%7B%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342644
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
v2
ap.lijit.com/readerinfo/
41 B
467 B
Fetch
General
Full URL
https://ap.lijit.com/readerinfo/v2
Requested by
Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
2195e791cd25259c4a568ee1036b6e20a700a636db54fbb03fa76df03cd8feaf

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Sat, 15 Apr 2023 00:36:09 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
61
rum.js
securepubads.g.doubleclick.net/pagead/js/
63 KB
23 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fea6ea9b6b0765ec97bb7d710da40a4416285fbe81016e64ff38adf03b11493b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 23:59:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
2226
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23897
x-xss-protection
0
server
cafe
etag
4499765138105498878
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:59:03 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=1a3df35b-0d42-4f90-ba6f-b29cbf8c41c9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342644
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
v1
lb.eu-1-id5-sync.com/lb/
33 B
406 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
bfb7fc3c20e7ba72ae5e015cd2fb4f5026b5896e34e102ca81371459bae9f519
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
gen_204
pagead2.googlesyndication.com/pagead/
0
210 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=www.cpomagazine.com&doc=complete&pg_h=5030&pg_w=1600&pg_hs=5030&c=0&aa_c=0&d=0&all_d=0&ard=0&all_ard=0&dt=d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/
0
225 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lgh8z8gi&c=4164485387214954&e=31072020%2C31073828%2C31073843%2C31061691%2C31061692&ctx=1&met.9=1.21w~2.26l~13.27s&met.10=1_1.ILYWEAAIABiAmHUoAA&met.1=1.lgh8z66j~6.0~7.1~8.14~9.14~10.47~11.2t~12.47~13.7k~14.8i~15.7r~16.cj~17.oj~18.oj~19.t5~20.t5~21.t6~22.sy~23.sy&met.3=113.2a1_g~112.2a0_i
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iu3
s.amazon-adsystem.com/ Frame D830
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&...
398 B
1 KB
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
d65a105d3742a487b55df9d4ec44d00f660594fef5d1d0bbb9db004c8ff24d70
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
398
Content-Type
text/html;charset=ISO-8859-1
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
SHV7474WT728WNMRWDGJ

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
FQ0K1JPHW75VFE82XDSZ
integrator.js
adservice.google.com/adsid/
107 B
456 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
54 KB
22 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=2216447293300490&eid=31072020%2C31073828%2C31073843%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDT.D&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C160x600%7C300x600&ifi=1&adks=3103065399&sfv=1-0-40&prev_scp=pos%3D4%26monu%3D300x250-160x600-300x600_B4%26directDeals%3Dsticky_sidebar%26amznbid%3Dtjjmkg%26amznp%3D1v2ipkw%26amzniid%3DJExpjn8K-FrswTnIMYwt224AAAGHgldBgwEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICBKx3Hr%26amznsz%3D160x600%26bidder_responseTime%3Dmedianet_300%26auction_id%3Df5531a99-b17a-466d-af02-07343fd97cf2%26monu_df%3D0.02%26safeframe%3Dtrue%26bid_source%3Dclient%26hb_size%3D160x600%26hb_adid%3D47cdb4683a93d93%26hb_bidder%3Dmedianet%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dtam%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie_enabled=1&abxe=1&dt=1681518969399&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=1313&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9fb6304e031891f354e6a896a80127cbaf5d997864cf59a32b4157e679df45ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22285
x-xss-protection
0
google-lineitem-id
6249261992
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138425907911
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304130101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea9d7f12b79a5a8f143a9e4a6d53fe0c5617544afcc08e0c94eefaef8d7b5468
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11250
x-xss-protection
0
container.html
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AC2F
6 KB
3 KB
Document
General
Full URL
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:09 GMT
expires
Sun, 14 Apr 2024 00:36:09 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 00:36:09 GMT
pr
s.amazon-adsystem.com/v3/ Frame 90C2
4 KB
4 KB
Document
General
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
f5a1d79fd76ca1981dd17971d977374539665108c77705412e0709671dc8b610
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
3908
Content-Type
text/html;charset=ISO-8859-1
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
WGPBXQXFXXH3YXRATA41
1013.json
id5-sync.com/g/v2/
574 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/1013.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.118 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
40eaaf79ceb31c42372a460291a77950a61f9e6beb80d259475998aa2fa83e89
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
ecm3
s.amazon-adsystem.com/ Frame 90C2
Redirect Chain
  • https://csync.loopme.me/?pubid=11405&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dloopme.com%26id%3D%7Bviewer_token%7D&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=cecf59c6-3046-4dd6-9727-2612df210d6e&gdpr=0
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=cecf59c6-3046-4dd6-9727-2612df210d6e&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
APFVNK9WAMV3MEPFRJZ9
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=cecf59c6-3046-4dd6-9727-2612df210d6e&gdpr=0
date
Sat, 15 Apr 2023 00:36:10 GMT
server
_
content-length
0
sync
ads.yieldmo.com/v000/ Frame 90C2
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drhythmone.com%26id%3D%5BRX_UUID%5D&gdpr=0
  • https://sync.1rx.io/usersync2/rmpssp?sub=amazon&zcc=1&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drhythmone.com%26id%3D%5BRX_UUID%5D&cb=1681518970265
  • https://ad.turn.com/r/cs?pid=45&rndcb=8525777729
  • https://sync.1rx.io/usersync/turn/6990014948470434787?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-54d3546a-c14b-4ee8-a37f-746800d03826-005?redir=https%3A%2F%2Fads.yieldmo.com%2Fv000%2Fsync%3Fpn_id%3Dunl%26id%3DRX-54d3546a-c14b-4ee8-a37f-746800d038...
  • https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-54d3546a-c14b-4ee8-a37f-746800d03826-005
43 B
804 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-54d3546a-c14b-4ee8-a37f-746800d03826-005
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:11 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Location
https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-54d3546a-c14b-4ee8-a37f-746800d03826-005
Date
Sat, 15 Apr 2023 00:36:11 GMT
Content-Type
text/html
Connection
keep-alive
ETag
RX54d3546ac14b4ee8a37f746800d03826005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
ecm3
s.amazon-adsystem.com/ Frame 90C2
Redirect Chain
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3245205696419414000V10
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3245205696419414000V10
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
P5QPSWX2RXW62XJK82X1
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:09 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3245205696419414000V10
Content-Type
text/html
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
154
x-mnet-hl2
E
Expires
Sat, 15 Apr 2023 00:36:09 GMT
ecm3
s.amazon-adsystem.com/ Frame 90C2
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID&gdpr=0
  • https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID&gdpr=0&_bee_ppp=1
  • https://s.amazon-adsystem.com/ecm3?id=AAEQok7Ic-MAACA7U7DXIQ&ex=beeswax.com
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=AAEQok7Ic-MAACA7U7DXIQ&ex=beeswax.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
04X167H0NPKVBTYKKQG6
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?id=AAEQok7Ic-MAACA7U7DXIQ&ex=beeswax.com
Date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
ecm3
s.amazon-adsystem.com/ Frame 90C2
Redirect Chain
  • https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f27be345
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f27be345
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
MYJ55W6QHSDRNCC0VM5V
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Sat, 15 Apr 2023 00:36:09 GMT
via
1.1 79455aeea26d3c071fd96c3c1432669a.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
EWR53-P1
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f27be345
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
Qhlf1tP4sqWACOylAUtE6btyYijL3hMupKxPmdNF_SA3Mu-MlCH8NQ==
/
onetag-sys.com/match/ Frame 90C2
0
0
Image
General
Full URL
https://onetag-sys.com/match/?int_id=113&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.39.186 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip186.ip-51-222-39.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

ecm3
s.amazon-adsystem.com/ Frame 90C2
Redirect Chain
  • https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D?gdpr=0
  • https://s.amazon-adsystem.com/ecm3?id=E413E3FEFADF4A0294187682FE2624B3&ex=simpli.fi&status=ok
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=E413E3FEFADF4A0294187682FE2624B3&ex=simpli.fi&status=ok
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
6VCCAEFH4X0SS9NZC9NV
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://s.amazon-adsystem.com/ecm3?id=E413E3FEFADF4A0294187682FE2624B3&ex=simpli.fi&status=ok
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Fri, 14 Apr 2023 00:36:09 GMT
amzns2s
rtb.gumgum.com/usync/ Frame B4CA
4 KB
2 KB
Document
General
Full URL
https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
36b745958adb1a0ad5b84075890a5898547e527ae23110f7360723b3ed7fa4ae

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Sat, 15 Apr 2023 00:36:09 GMT
etag
W/"09eedfc1ae4b71faa4a72c1c652c906b2"
server
nginx
timing-allow-origin
*
usermatch
ssum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
2 KB
2 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b5f7f68737e6ac4a12d1e743a7724cee2a0e14b968ebb3da1813de2998cd2ac2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
1845
Content-Type
text/html
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Keep-Alive
timeout=1, max=499
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache

Redirect headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
0
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Keep-Alive
timeout=1, max=500
Location
/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
cm
u.openx.net/w/1.0/ Frame 2AC8
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7...
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX...
693 B
731 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
453b94549eec4e46e867763d3b7a83bcc63b207ce706321ede5e640910a932de

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
397
content-type
text/html
date
Sat, 15 Apr 2023 00:36:09 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 15 Apr 2023 00:36:09 GMT
location
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
via
1.1 google
ecm3
s.amazon-adsystem.com/ Frame 7A80
Redirect Chain
  • https://ssbsync-us.smartadserver.com/api/sync?callerId=2&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8001528019965322294&gdpr=0&gdpr_consent=
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8001528019965322294&gdpr=0&gdpr_consent=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
B7FN5B6JXPEH7ETAP9C5

Redirect headers

content-length
0
date
Sat, 15 Apr 2023 00:36:09 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8001528019965322294&gdpr=0&gdpr_consent=
/
match.sharethrough.com/jwumXNuB/v1/ Frame EF79
427 B
940 B
Document
General
Full URL
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.4.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-4-20.compute-1.amazonaws.com
Software
/
Resource Hash
480728a9f6122f34c3c84a4af8987bdfd95a6f2d9f3a52caf4559a0270d1d37e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-length
427
date
Sat, 15 Apr 2023 00:36:09 GMT
tamptsync
sync-amz.ads.yieldmo.com/ Frame F4F7
1 KB
1 KB
Document
General
Full URL
https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.97.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-97-218.compute-1.amazonaws.com
Software
/
Resource Hash
e33ba42f852ce067eb17fbd01903a7549c4e3f7abab563292000b002349d63b3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-headers
Cache-Control, Pragma, *
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html;charset=utf-8
date
Sat, 15 Apr 2023 00:36:09 GMT
pragma
no-cache
vary
accept-encoding
usync.html
eus.rubiconproject.com/ Frame FDA5
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.107.5.93 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-107-5-93.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 15 Apr 2023 00:36:09 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
ecm3
s.amazon-adsystem.com/ Frame C77B
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid=%24UID&ex=appnexus.com&gdpr=0
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.amazon-adsystem.com%252Fecm3%253Fid%3D%2524UID%26ex%3Dappnexus.com%26gdpr%3D0
  • https://s.amazon-adsystem.com/ecm3?id=4326297819836415887&ex=appnexus.com&gdpr=0
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=4326297819836415887&ex=appnexus.com&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
6962ZMQ3MDN3V6D8N9CE

Redirect headers

AN-X-Request-Uuid
5d585947-831b-46ee-b85b-3c82ada9065a
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://s.amazon-adsystem.com/ecm3?id=4326297819836415887&ex=appnexus.com&gdpr=0
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
amazon
ap.lijit.com/beacon/ Frame 5639
1 KB
1 KB
Document
General
Full URL
https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
d6f86afdd338fc6f3765d02a1317cbe5844c5a1b1bf3e8b5a51fb57ba5c2ce28

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Encoding
gzip
Content-Length
490
Content-Type
text/html
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Vary
Accept-Encoding, User-Agent
X-Sovrn-Pod
ad_ap2ewr1
ecm3
s.amazon-adsystem.com/ Frame 63C6
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr=0
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=987842216595597250627
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=987842216595597250627
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=gg_n-index_n-LoopMe_rx_n-MediaNet_n-Beeswax_ox-db5_smrt_n-smaato_n-sharethrough_n-onetag_n-simpli.fi_ym_rbd_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
WSBJTER6V6Y9JXNV260R

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Sat, 15 Apr 2023 00:36:09 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=987842216595597250627
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E3CA
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
204983
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 12 Apr 2023 15:39:46 GMT
expires
Thu, 11 Apr 2024 15:39:46 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 3ADD
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5f6a398c7a4aaee0a4a4a87fd12bd0a39287fcc57825d8e0c3945ef399203f09
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ULtyGJGqfWaKhcYVuqP8HA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-ULtyGJGqfWaKhcYVuqP8HA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:09 GMT
expires
Sat, 15 Apr 2023 00:36:09 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ecm3
s.amazon-adsystem.com/ Frame 5639
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=Ge2kaBZHe8r7r3dFQnWEe86B&ex=sovrn.com&gdpr=0&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:09 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
85XF2GRQ0YHKTQ9Z8MNZ
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 5639
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3Db3ea39...
  • https://ce.lijit.com/merge?pid=16&3pid=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://ce.lijit.com/merge?pid=16&3pid=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
merge
ce.lijit.com/ Frame 5639
Redirect Chain
  • https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
43 B
883 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:09 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
223
merge
ce.lijit.com/ Frame 5639
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=49&3pid=rtQ4O1zP1BMH&ev=1&pid=558511&gdpr_consent=&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=49&3pid=rtQ4O1zP1BMH&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-US
location
https://ce.lijit.com/merge?pid=49&3pid=rtQ4O1zP1BMH&ev=1&pid=558511&gdpr_consent=&gdpr=0
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6995c68ccb-mlbl5
expires
-1
merge
ce.lijit.com/ Frame 5639
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=b38ec8d5-57ed-4167-ad9e-77185aca6071
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=b38ec8d5-57ed-4167-ad9e-77185aca6071
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=b38ec8d5-57ed-4167-ad9e-77185aca6071
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
merge
ce.lijit.com/ Frame 5639
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ap.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
Date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=4326297819836415887
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=4326297819836415887
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Date
Sat, 15 Apr 2023 00:36:09 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
739f5f1c-3385-48cd-8199-5b39d72a0b77
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://usersync.gumgum.com/usersync?b=apn&i=4326297819836415887
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=u_bfaec167-56bd-4884-992b-2080aacefc6a&gdpr=0&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=u_bfaec167-56bd-4884-992b-2080aacefc6a&gdpr=0&gdpr_consent=&us_privacy=
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&ssp=gumgum2&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=419&user_id=10595069973710774983&ssp=gumgum2&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=bsw&i=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=bsw&i=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
//usersync.gumgum.com/usersync?b=bsw&i=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
c.gif
c.bing.com/ Frame B4CA
Redirect Chain
  • https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
  • https://usersync.gumgum.com/usersync?b=obn&i=ENC%28x_Zt0elqisbeTODfYEAs7SiOCv3yBza9TosrOEkp9RJ2WBYhyFuua57DUE8ooD3e%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
  • https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=u_bfaec167-56bd-4884-992b-2080aacefc6a&obuid=ENC(x_Zt0elqisbeTODfYEAs7SiOCv3yBza9TosrOEkp9RJ2WBYhyFuua57DUE8ooD3e)
  • https://sync.outbrain.com/syncPlatform?platformId=GUMGU18H7EL9NI653I7DPEH51
  • https://c.bing.com/c.gif?red3=MSOB_pd&uid=%24D
42 B
666 B
Image
General
Full URL
https://c.bing.com/c.gif?red3=MSOB_pd&uid=%24D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
last-modified
Thu, 16 Mar 2023 17:15:26 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8940C52E35294F86A227B09C8DD7E20E Ref B: CHGEDGE1311 Ref C: 2023-04-15T00:36:10Z
etag
"daa25ce62a58d91:0"
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type
image/gif
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

Location
https://c.bing.com/c.gif?red3=MSOB_pd&uid=%24D
Date
Sat, 15 Apr 2023 00:36:10 GMT
X-TraceId
62c96087748d2a4dfc6e2f2aec219c25
Content-Length
0
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=a7668d9c-e267-0178-176c-e0a3936620e2
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=a7668d9c-e267-0178-176c-e0a3936620e2
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Sat, 15 Apr 2023 00:36:09 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=a7668d9c-e267-0178-176c-e0a3936620e2
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=sta&i=0-896497ea-5dde-5276-67db-4d15c2d6ed0f$ip$167.88.7.162
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-896497ea-5dde-5276-67db-4d15c2d6ed0f$ip$167.88.7.162
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-896497ea-5dde-5276-67db-4d15c2d6ed0f$ip$167.88.7.162
Date
Sat, 15 Apr 2023 00:36:09 GMT
Connection
keep-alive
Content-Length
126
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=oth&i=y-.marmDFE2pdUQoBLRaydYTQMGT6BGsqAfgx4~A
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=oth&i=y-.marmDFE2pdUQoBLRaydYTQMGT6BGsqAfgx4~A
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://usersync.gumgum.com/usersync?b=oth&i=y-.marmDFE2pdUQoBLRaydYTQMGT6BGsqAfgx4~A
content-length
0
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync...
  • https://usersync.gumgum.com/usersync?b=vnt&i=3394644c-f63c-4f49-a881-64a342a59cec
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=3394644c-f63c-4f49-a881-64a342a59cec
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=3394644c-f63c-4f49-a881-64a342a59cec
Date
Sat, 15 Apr 2023 00:36:09 GMT
Connection
keep-alive
X-CI-RTID
fe829a6b-c814-400d-b006-1232bbcef985
Content-Length
108
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
  • https://usersync.gumgum.com/usersync?b=snc&i=7B5D3D1F33554FFE86F29FD5649C94B3
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=snc&i=7B5D3D1F33554FFE86F29FD5649C94B3
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Sat, 15 Apr 2023 00:36:09 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
807913046
location
https://usersync.gumgum.com/usersync?b=snc&i=7B5D3D1F33554FFE86F29FD5649C94B3
access-control-allow-origin
https://rtb.gumgum.com/
access-control-allow-credentials
true
content-length
0
142
match.deepintent.com/usersync/ Frame B4CA
0
223 B
Image
General
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif
date
Sat, 15 Apr 2023 00:36:09 GMT
server
c
content-length
0
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=u_bfaec167-56bd-4884-992b-2080aacefc6a&gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://stags.bluekai.com/site/23178?id=Y7fu5ag9inDiww0hVf_G&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LO...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2WJXMZ2TKYLHHFUW4RDJO53TA2CWMZPUO
  • https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Y7fu5ag9inDiww0hVf_G
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Y7fu5ag9inDiww0hVf_G
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Content-Type
text/html; charset=utf-8
Location
https://usersync.gumgum.com/usersync?b=zem&gdpr=0&i=Y7fu5ag9inDiww0hVf_G
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
103
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=3bc9e70f-627e-432f-955b-98181c181322
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=3bc9e70f-627e-432f-955b-98181c181322
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=3bc9e70f-627e-432f-955b-98181c181322
access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:10 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=rtQ4O1zP1BMH&ev=1&pid=558355
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=rtQ4O1zP1BMH&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-US
location
https://usersync.gumgum.com/usersync?b=pln&i=rtQ4O1zP1BMH&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6995c68ccb-mlbl5
expires
-1
usersync
usersync.gumgum.com/ Frame B4CA
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=sad&i=8001528019965322294
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=8001528019965322294
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=8001528019965322294
date
Sat, 15 Apr 2023 00:36:10 GMT
content-length
0
ecm3
s.amazon-adsystem.com/ Frame B4CA
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=gg.com&id=u_bfaec167-56bd-4884-992b-2080aacefc6a
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
PJS6TK7BRVD4N7N75Q0J
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usersync
usersync.gumgum.com/ Frame C329
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
Sat, 15 Apr 2023 00:36:08 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 796 58fb543 master iad-pixel-x16 config_version:"unknown"
location
https://usersync.gumgum.com/usersync?b=mmh&i=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
user-sync
sync.adkernel.com/ Frame 91C3
21 B
191 B
Document
General
Full URL
https://sync.adkernel.com/user-sync?zone=181093&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dmdp%26i%3D%5BUID%5D&gdpr=0&gdpr_consent=&ccpa=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.32 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
43e96d451b13a80f769c106908376c94b31beb9aac6566498c5c60f0059ca4f1

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Age
0
Cache-Control
no-store
Connection
close
Content-Length
21
Date
Sat, 15 Apr 2023 00:36:09 GMT
Pragma
no-cache
Server
nginx
usersync
usersync.gumgum.com/ Frame 9FF0
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZDnxeQAC0PB7jABS
  • https://usersync.gumgum.com/usersync?b=atm&i=ZDnxeQAC0PB7jABS&gdpr=0&gdpr_consent=&_test=ZDnxeQAC0PB7jABS
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=ZDnxeQAC0PB7jABS&gdpr=0&gdpr_consent=&_test=ZDnxeQAC0PB7jABS
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Sat, 15 Apr 2023 00:36:09 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=ZDnxeQAC0PB7jABS&gdpr=0&gdpr_consent=&_test=ZDnxeQAC0PB7jABS
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-chi-kigq8000029-CHI
x-timer
S1681518970.959942,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame 69CE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iZmFlYzE2Ny01NmJkLTQ4ODQtOTkyYi0yMDgwYWFjZWZjNmE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iZmFlYzE2Ny01NmJkLTQ4ODQtOTkyYi0yMDgwYWFjZWZjNmE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
170 B
243 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iZmFlYzE2Ny01NmJkLTQ4ODQtOTkyYi0yMDgwYWFjZWZjNmE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv&google_tc=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:10 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
436
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=dV9iZmFlYzE2Ny01NmJkLTQ4ODQtOTkyYi0yMDgwYWFjZWZjNmE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv&google_tc=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C7A1
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
96.16.25.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-25-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=26752
content-encoding
gzip
content-length
5554
content-type
text/html
date
Sat, 15 Apr 2023 00:36:09 GMT
expires
Sat, 15 Apr 2023 08:02:01 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usersync
usersync.gumgum.com/ Frame CC58
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=ttd&i=c3db27b5-56e8-4f77-8870-8d51c49d4722
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=ttd&i=c3db27b5-56e8-4f77-8870-8d51c49d4722
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
private,no-cache, must-revalidate
content-length
193
content-type
text/html
date
Sat, 15 Apr 2023 00:36:09 GMT
location
https://usersync.gumgum.com/usersync?b=ttd&i=c3db27b5-56e8-4f77-8870-8d51c49d4722
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usersync
usersync.gumgum.com/ Frame 3466
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZDnxesCo8X0AABoGDVcAAAAA
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZDnxesCo8X0AABoGDVcAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Sat, 15 Apr 2023 00:36:10 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZDnxesCo8X0AABoGDVcAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
10
X-SO-Cluster-ID
0
X-SO-HostName
m-ad271.dc4p.scaleout.jp
X-SO-IP
167.88.7.162
X-SO-Key
ZDnxesCo8X0AABoGDVcAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":false,"ipv4":"167.88.7.162","key":"ZDnxesCo8X0AABoGDVcAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad271"}
X-SO-LB-Hostname
m-tgng25.dc4p.scaleout.jp
X-SO-Upstream-ID
m-ad271
usersync
usersync.gumgum.com/ Frame 68B8
Redirect Chain
  • https://cs.admanmedia.com/sync/gumgum?puid=u_bfaec167-56bd-4884-992b-2080aacefc6a&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Daad%26i%3D%5BDSP_USER_ID%5D&gdpr=0&gdpr_consent=&ccpa=
  • https://usersync.gumgum.com/usersync?b=aad&i=374e3d00-6b0b-4bb3-9db1-a37a64f42882
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=aad&i=374e3d00-6b0b-4bb3-9db1-a37a64f42882
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Date
Sat, 15 Apr 2023 00:36:09 GMT
Expires
0
Location
https://usersync.gumgum.com/usersync?b=aad&i=374e3d00-6b0b-4bb3-9db1-a37a64f42882
Pragma
no-cache
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Transfer-Encoding
chunked
X-Frame-Options
DENY
usermatchredir
ssum-sec.casalemedia.com/ Frame 3C2A
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=189872&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D&s=189872&C=1
43 B
764 B
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D&s=189872&C=1
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
43
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Keep-Alive
timeout=1, max=499
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache

Redirect headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
0
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Keep-Alive
timeout=1, max=500
Location
/usermatchredir?cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Diex%26i%3D&s=189872&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
usersync
usersync.gumgum.com/ Frame F972
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://usersync.gumgum.com/usersync?b=rth&i=dDdekom0waLgr7nK8NCu&pi=gumgum&tc=1
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=dDdekom0waLgr7nK8NCu&pi=gumgum&tc=1
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Sat, 15 Apr 2023 00:36:10 GMT Sat, 15 Apr 2023 00:36:10 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=dDdekom0waLgr7nK8NCu&pi=gumgum&tc=1
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame CC41
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.107.5.93 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-107-5-93.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 15 Apr 2023 00:36:09 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Sat, 15 Apr 2023 00:36:09 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
pagead2.googlesyndication.com/bg/ Frame E3CA
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/MezC-G1ZF-1GZ9yqq0o7IScgI3uEZvBcP5CgXoWKMDE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
31ecc2f86d5917ed4667dcaaab4a3b212720237b8466f05c3f90a05e858a3031
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 19:32:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
191043
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14288
x-xss-protection
0
last-modified
Tue, 11 Apr 2023 10:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 11 Apr 2024 19:32:06 GMT
usync.js
eus.rubiconproject.com/ Frame FDA5
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.107.5.93 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-107-5-93.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
5d357e59e464329ea174ee6add3631078f821d8190ff89db5546999578310d88

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Sat, 15 Apr 2023 00:36:09 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2023 19:05:03 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=66511
Connection
keep-alive
Content-Length
10019
Expires
Sat, 15 Apr 2023 19:04:40 GMT
error_handler.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 8D63
8 KB
3 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/error_handler.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3465
x-xss-protection
0
server
cafe
etag
6788195977828770272
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 29 Apr 2023 00:36:10 GMT
12087143813763626130
tpc.googlesyndication.com/simgad/ Frame 8D63
101 KB
101 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/12087143813763626130
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b918719a877970044821d50f582d79273e055607529039c335f3e60e0cfc5303
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 10:34:30 GMT
x-content-type-options
nosniff
age
50499
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
103159
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 22:30:50 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 13 Apr 2024 10:34:30 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 8D63
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8756
x-xss-protection
0
server
cafe
etag
5179999606349116156
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 29 Apr 2023 00:36:10 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 8D63
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18693
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8D63
159 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49801
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1681299295334834"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:10 GMT
ecm3
s.amazon-adsystem.com/ Frame 2AC8
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=088d5591-d6d8-82d4-b019-72d93305ea44
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
3M185EHMP3WPWK47J118
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c49c4fa8-5ade-ab67-41c0-e6bba461eced
pr-bh.ybp.yahoo.com/sync/openx/ Frame 2AC8
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/c49c4fa8-5ade-ab67-41c0-e6bba461eced?gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a02:9485:f56c:9e9b:dee5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:09 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
dcm
s.amazon-adsystem.com/ Frame 2AC8
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=088d5591-d6d8-82d4-b019-72d93305ea44
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
5JC0DJEAX5XYVYRM7BD1
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 2AC8
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=505b29ec-ca72-392e-7017-f04e5b3621a4&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttd_puid=505b29ec-ca72-392e-7017-f04e5b3621a4&gdpr=0&gdpr_consent=
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttd_puid=505b29ec-ca72-392e-7017-f04e5b3621a4&gdpr=0&gdpr_consent=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttd_puid=505b29ec-ca72-392e-7017-f04e5b3621a4&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
335
pixel
cm.g.doubleclick.net/ Frame 2AC8
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=N2MzNGZhMjYtMDMwNS02NzhhLTY1ZjctYWFmNzkxZDRlZmM0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 2AC8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH69VLZPatk48Gvtl_gB0dg&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH69VLZPatk48Gvtl_gB0dg&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-US,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH69VLZPatk48Gvtl_gB0dg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame F4F7
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=ym.com&id=g33bb732c9e314e02683&gdpr=0
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
81TYZSTVDA0VRX7EQ5P3
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
ads.yieldmo.com/v000/ Frame F4F7
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=yieldmo&ttd_tpi=1&ttd_puid=g33bb732c9e314e02683
  • https://ads.yieldmo.com/v000/sync?tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722
43 B
475 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ads.yieldmo.com/v000/sync?tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
181
sync
ads.yieldmo.com/v000/ Frame F4F7
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=yieldmo&redir%3Dhttps%3A%2F%2Fads.yieldmo.com%2Fv000%2Fsync%3Fpn_id%3Dunl%26id%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=yieldmo&zcc=1&cb=1681518970427
  • https://ad.turn.com/r/cs?pid=45&rndcb=2175156561
  • https://sync.1rx.io/usersync/turn/3965003373761014755?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-54d3546a-c14b-4ee8-a37f-746800d03826-005?redir=https%3A%2F%2Fads.yieldmo.com%2Fv000%2Fsync%3Fpn_id%3Dunl%26id%3DRX-54d3546a-c14b-4ee8-a37f-746800d038...
  • https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-54d3546a-c14b-4ee8-a37f-746800d03826-005
43 B
804 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-54d3546a-c14b-4ee8-a37f-746800d03826-005
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:11 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Location
https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-54d3546a-c14b-4ee8-a37f-746800d03826-005
Date
Sat, 15 Apr 2023 00:36:11 GMT
Content-Type
text/html
Connection
keep-alive
ETag
RX54d3546ac14b4ee8a37f746800d03826005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
sync
ads.yieldmo.com/v000/ Frame F4F7
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ads.yieldmo.com/v000/sync?userid=$UID&pn_id=an
  • https://ads.yieldmo.com/v000/sync?userid=4326297819836415887&pn_id=an
43 B
579 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?userid=4326297819836415887&pn_id=an
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Date
Sat, 15 Apr 2023 00:36:10 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
bf335a4d-8969-466a-b851-9d53a27f1e2e
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://ads.yieldmo.com/v000/sync?userid=4326297819836415887&pn_id=an
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.yieldmo.com/ Frame F4F7
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=yieldmo
  • https://ads.yieldmo.com/sync?pn_id=rc&id=LGH8Z875-S-H54N
43 B
682 B
Image
General
Full URL
https://ads.yieldmo.com/sync?pn_id=rc&id=LGH8Z875-S-H54N
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ads.yieldmo.com/sync?pn_id=rc&id=LGH8Z875-S-H54N
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
ffef7c53154b04a892ce1f9531c32cb1
Expires
0
receive
pixel.tapad.com/idsync/ex/ Frame F4F7
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3107&partner_device_id=g33bb732c9e314e02683
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3107&partner_device_id=g33bb732c9e314e02683
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f85c13a3-d03c-4262-bbee-6b71616ec533%252C%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttd_puid=f85c13a3-d03c-4262-bbee-6b71616ec533%2C%2C
95 B
123 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttd_puid=f85c13a3-d03c-4262-bbee-6b71616ec533%2C%2C
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttd_puid=f85c13a3-d03c-4262-bbee-6b71616ec533%2C%2C
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
359
ecm3
s.amazon-adsystem.com/ Frame EF79
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=4d469659-77ed-4500-87c8-97853d0c70f4
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
BAW1H88CJJTSWFN82TSS
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
match.sharethrough.com/sync/ Frame EF79
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=97&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DgBgkxrVErPj9wqivTDd2AmVY%26source_user_id%3D%7BuserId%7D&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
68 B
602 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.220.4.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-4-20.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-US,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
v1
match.sharethrough.com/sync/ Frame EF79
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=97&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DgBgkxrVErPj9wqivTDd2AmVY%26source_user_id%3D%7BuserId%7D&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
68 B
604 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.220.4.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-4-20.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-US,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:09 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=b3ea3968-d86d-46cc-abe9-65d6c080f422-6439f179-5553&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
v1
match.sharethrough.com/sync/ Frame EF79
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
  • https://bttrack.com/pixel/cookiesync?source=d0afdff5-c51e-4a8d-b07b-b52a29015170&secure=1
  • https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=95e1087f-85a0-4d80-a673-06b7dea75153&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
68 B
610 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=95e1087f-85a0-4d80-a673-06b7dea75153&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.220.4.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-4-20.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-US,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

x-servername
Track001-iad
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:05 GMT
strict-transport-security
max-age=31536000;
content-type
text/html; charset=utf-8
location
https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=95e1087f-85a0-4d80-a673-06b7dea75153&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
cache-control
private,no-cache
content-length
296
expires
-1
v1
match.sharethrough.com/sync/ Frame EF79
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
  • https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LGH8Z875-S-H54N&gdpr=0
68 B
609 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LGH8Z875-S-H54N&gdpr=0
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
3.220.4.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-4-20.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-US,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LGH8Z875-S-H54N&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
ffef7c53154b04a892ce1f9531c32cb1
Expires
0
ecm3
s.amazon-adsystem.com/ Frame FDA5
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&gdpr=0&gdpr=0&khaos=LGH8Z875-S-H54N
  • https://s.amazon-adsystem.com/ecm3?id=LGH8Z875-S-H54N&ex=d-rubiconproject.com&status=ok&gdpr=0
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=LGH8Z875-S-H54N&ex=d-rubiconproject.com&status=ok&gdpr=0
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
XFV7Z88624Y9G27K075V
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s.amazon-adsystem.com/ecm3?id=LGH8Z875-S-H54N&ex=d-rubiconproject.com&status=ok&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
d67ad46d58ddbab9fb03c088eabaaff8
Expires
0
usync.js
eus.rubiconproject.com/ Frame CC41
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.107.5.93 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-107-5-93.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
5d357e59e464329ea174ee6add3631078f821d8190ff89db5546999578310d88

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Sat, 15 Apr 2023 00:36:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2023 19:05:03 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=66510
Connection
keep-alive
Content-Length
10019
Expires
Sat, 15 Apr 2023 19:04:40 GMT
dcm
s.amazon-adsystem.com/ Frame 592A
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
42PK7H2V3BHK8VRQ7GZ7
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZDnxevXW-NcseN8s76eLBgAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEH-ZCwmV3JZhCjyQkRleEQo&google_cver=1
43 B
631 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEH-ZCwmV3JZhCjyQkRleEQo&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEH-ZCwmV3JZhCjyQkRleEQo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c3db27b5-56e8-4f77-8870-8d51c49d4722&expiration=1684110970&gdpr=0&gdpr_consent=
43 B
631 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c3db27b5-56e8-4f77-8870-8d51c49d4722&expiration=1684110970&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=c3db27b5-56e8-4f77-8870-8d51c49d4722&expiration=1684110970&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
usermatchredir
ssum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEA50xXYMHMgKAGTjPgJVDrI&google_cver=1
43 B
631 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEA50xXYMHMgKAGTjPgJVDrI&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEA50xXYMHMgKAGTjPgJVDrI&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE
  • https://cm.adgrx.com/bridge.gif?AG_PID=casale
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=41&external_user_id=84a85772-db25-11ed-8315-2ee2ecd483e8
43 B
631 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=41&external_user_id=84a85772-db25-11ed-8315-2ee2ecd483e8
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
Cowboy
content-type
image/gif
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=41&external_user_id=84a85772-db25-11ed-8315-2ee2ecd483e8
access-control-allow-origin
*
p3p
CP="NOI OTC OTP OUR NOR"
cache-control
no-cache, no-store, must-revalidate, proxy-revalidate
x-realserver-nx
lga-delivery-1
content-length
0
expires
Thu, 23 Sep 2004 17:42:04 GMT
crum
dsum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4326297819836415887
43 B
631 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4326297819836415887
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

Date
Sat, 15 Apr 2023 00:36:10 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
613c128f-4ad8-4503-824f-d705b9aca49b
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=4326297819836415887
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 592A
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB?us_privacy=
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB?us_privacy=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
H2
Server
2600:1f18:4e9:5a02:9485:f56c:9e9b:dee5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB?us_privacy=
date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
crum
dsum-sec.casalemedia.com/ Frame 592A
Redirect Chain
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1697330170&external_user_id=c7f3354c-f78d-491a-95dc-e3e12716e038
43 B
631 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1697330170&external_user_id=c7f3354c-f78d-491a-95dc-e3e12716e038
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

date
Sat, 15 Apr 2023 00:36:10 GMT
via
1.1 google
access-control-allow-methods
GET,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*.casalemedia.com
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1697330170&external_user_id=c7f3354c-f78d-491a-95dc-e3e12716e038
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
157
ecm3
s.amazon-adsystem.com/ Frame 592A
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=index.com&id=ZDnxevXW_NcseN8s76eLBgAAAB8AAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&gdpr=0&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
0P3R0CK32E7373KBK15E
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 8D63
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu9fKCNdjJUUWmApNRHh8INNOF3rDUvXtPEi-dbWUcv56AYCR8ILQT13oeI0QJZNf5DtHHav5pHlsphR-C2vFYl2uhlkm2w3BS8wi6rKicPUHslsKlyBw_6WKevqnG4U_QpK6m7f4LiSuy-khFY4uRyxLs_OiMy_bjAE-WktTjgf5y7M9KEHHiZhkzahDeSvDe9BtzmPWcbw3I3kFPgbNjG9yc8khZ2QJp-J3jkIHX15-Btrtd26eLCiwg7d-bWDIjwYpoG6AV-hl1z-zN51Bexq4qUzjh7MfxTCXb0qVBdI9FbzDCYf6B8LXs9YYfhRISX8RCIjUkz83k&sai=AMfl-YST_SBYa3qDJz4HxuqG-hDDCerCpDwqYIn5A35KgtXIFNEmZIZOb2Sy7EJy6G5Od1Kg6tDxDyDmNpSDDCyVSdnfT_GgaSurAtg5gwlToh0QeiiUpQnf5mi_lEIaH9MTOf_hsXLWtoMIA7fVpulx&sig=Cg0ArKJSzFnog7-p2atKEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 3ADD
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304130101&jk=4164485387214954&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame FDA5
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjIwYzdhNzJlMTNlOTI1Y2E0YTEyNmQ0MzgzZDMzODM2NjI5ZmIyYQ&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjIwYzdhNzJlMTNlOTI1Y2E0YTEyNmQ0MzgzZDMzODM2NjI5ZmIyYQ&gdpr=0
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
H3
Server
172.217.13.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NjIwYzdhNzJlMTNlOTI1Y2E0YTEyNmQ0MzgzZDMzODM2NjI5ZmIyYQ&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame FDA5
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEdIOFo4NzUtUy1INTRO&gdpr=0
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&gdpr=0&google_gid=CAESELCPKi4I-JlPxKxkEURluWc&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdIOFo4NzUtUy1INTRO&google_push=&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdIOFo4NzUtUy1INTRO&google_push=&gdpr=0
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
H3
Server
172.217.13.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEdIOFo4NzUtUy1INTRO&google_push=&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
966e54b6201ecd300c4db0efc0f5781a
Expires
0
ecm3
s.amazon-adsystem.com/ Frame FDA5
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=VTXaWPVoTK6_LZil9ohYtw&rk=usync-na&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VTXaWPVoTK6_LZil9ohYtw&gdpr=0
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VTXaWPVoTK6_LZil9ohYtw&gdpr=0
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
YQ84MV3C8N5C41F31JE1
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=VTXaWPVoTK6_LZil9ohYtw&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
19ea072139d67f7022c6e463249c998e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame FDA5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEAF0Nrs--9yYDnmI4v4USPE&google_cver=1
42 B
702 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEAF0Nrs--9yYDnmI4v4USPE&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
a0d1cefc91c6f8b22fd2adf3abe06a61
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEAF0Nrs--9yYDnmI4v4USPE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
337
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame FDA5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=&expires=30
42 B
702 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
382e2818ca015d35b02cd449aa60881d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=&expires=30
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
289
setuid
px.ads.linkedin.com/ Frame FDA5
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584&gdpr=0
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGH8Z875-S-H54N&gdpr=0
0
515 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGH8Z875-S-H54N&gdpr=0
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 29B1740058AF4A5FA1C51483ED8FC8DC Ref B: CHGEDGE1010 Ref C: 2023-04-15T00:36:10Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX5VSTuHATgZuDM7Z8Nzw==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LGH8Z875-S-H54N&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
19c1ac3b9706c83a73951eba4d239689
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
dcm
aax-eu.amazon-adsystem.com/s/ Frame FDA5
43 B
855 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.94.220.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
R60GBC2SM938AB7543MX
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame FDA5
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/WnRS3bz-64Mav0cfwGMBOQ?csrc=&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-XyqTsFpE2oK7pj2f_Y95FyFWeDQso3roUa0Nxg--~A
42 B
722 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-XyqTsFpE2oK7pj2f_Y95FyFWeDQso3roUa0Nxg--~A
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
c1df09169f58a071f2a391dff1b3307b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-XyqTsFpE2oK7pj2f_Y95FyFWeDQso3roUa0Nxg--~A
content-length
0
PugMaster
image6.pubmatic.com/AdServer/ Frame C7A1
2 KB
3 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=2014844&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
fdb425159f23a230e2ec11386d373f11e59ab8d539a52f0babbb66676e5d9e72

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 15 Apr 2023 00:36:09 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
truncated
/ Frame 8D63
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
692c2fc940c7b6c310531bceab088550a70f7ce6b391e6f766e3184595337862

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 8D63
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuykwqXRnKg5Je1P4JSzw554p146zfJU8aHyu41YUabt1sAYRjj4hg49FGXGRRgZZJBSWzFZVg72i3FbSnVRmMVxlMpLm9MqrlBBBe7ORyAlL8Oh437KDh8tud9Sx2nXwp0DQbKAWOaSspr-COY2XL1c3ENzhszcAzUSSvu2gRFy2xBhVGKe_LKt7an0SY7ldxVOMeXx-nMBvGYpibofZYwAMBArmiV5Qa9fuZ7DkKp5d9sj7Z2eXwFLdZBRXlC63J5gyYyKgCUudcVUxjXeblCwEqziU2-quvAdc0oBeiTr4J9JliXDivjL3pc1oiF8kIwWidjm-zZTVBYtg&sai=AMfl-YREeoPWF0Aa6iUs3njNCe2Dhk2VkbNLBF2qWn-D86zFWTT-Aq26uN2l0aGXzTzOxvbI8v2FP0wm1h_xwqF06hynjyv8BtFeEjzHhyYhkgtnj5MzO8fKEBTk4x7ALq6tHrrHmS3IXcLftW3_DKIM&sig=Cg0ArKJSzO89eSb_5T5eEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 15 Apr 2023 00:36:10 GMT
usersync
usersync.gumgum.com/ Frame CC41
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&gdpr_consent=undefined&gdpr=0&khaos=LGH8Z875-S-H54N
  • https://usersync.gumgum.com/usersync?b=mag&i=LGH8Z875-S-H54N&gdpr=0&gdpr_consent=undefined
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=mag&i=LGH8Z875-S-H54N&gdpr=0&gdpr_consent=undefined
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-US,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:10 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usersync.gumgum.com/usersync?b=mag&i=LGH8Z875-S-H54N&gdpr=0&gdpr_consent=undefined
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b5ba23d75d0dcd35432b720d73e3149b
Expires
0
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 8D63
63 KB
23 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fea6ea9b6b0765ec97bb7d710da40a4416285fbe81016e64ff38adf03b11493b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 23:59:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
2227
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23897
x-xss-protection
0
server
cafe
etag
4499765138105498878
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:59:03 GMT
b9pj45k4
sync-tm.everesttech.net/upi/pid/ Frame D24B
85 B
259 B
Document
General
Full URL
https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-cache
content-length
85
content-type
image/png
date
Sat, 15 Apr 2023 00:36:10 GMT
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma
no-cache
server
Jetty(9.4.35.v20201120)
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-chi-kigq8000029-CHI
x-timer
S1681518971.668409,VS0,VE20
dcm
s.amazon-adsystem.com/ Frame 3B4D
43 B
855 B
Document
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=8F824F89-013C-46A9-87E2-69523480120E&redir=true&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
TYEWB76871JFTWTZY0F6
Pug
image2.pubmatic.com/AdServer/ Frame EDF3
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFUW9rN0ljLU1BQUNBN1U3RFhJUQ&gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&b...
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=sas%2Csyn%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAEQok7Ic-MAACA7U7DXIQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsyn%252Cpp%252C...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=syn%2Cpp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=8001528019965322294&gdpr=0&gdpr_consent=
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAEQok7Ic-MAACA7U7DXIQ&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D8001528019965322294%26gdpr%3D0%26gdpr_cons...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=8001528019965322294&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Cpm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=3
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAEQok7Ic-MAACA7U7DXIQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D8001528019965322294%26gdpr%3D0%26bee_sync_pa...
  • https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=8001528019965322294&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAEQok7Ic-MAACA7U7DXI...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
42 B
279 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 15 Apr 2023 00:36:11 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Sat, 15 Apr 2023 00:36:11 GMT
Server
gunicorn
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEQok7Ic-MAACA7U7DXIQ&gdpr=0
strict-transport-security
max-age=2592000; includeSubDomains
usersync
usersync.gumgum.com/ Frame 1F3E
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=pbm&i=8F824F89-013C-46A9-87E2-69523480120E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.87.127.173 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-87-127-173.compute-1.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Sat, 15 Apr 2023 00:36:10 GMT
Expires
0
Pragma
no-cache
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C7A1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=j4JPiQE8RqmH4mlSNIASDg%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
4 KB
4 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
96.16.25.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-25-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
content-encoding
gzip
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=26751
accept-ranges
bytes
content-length
5554
expires
Sat, 15 Apr 2023 08:02:01 GMT

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
qmap
sync.crwdcntrl.net/ Frame C7A1
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.206.197.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-197-88.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.32.71
content-length
49
expires
0
xuid
eb2.3lift.com/ Frame C7A1
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=7976&xuid=8F824F89-013C-46A9-87E2-69523480120E&dongle=u6nf&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
insync
thrtle.com/ Frame C7A1
Redirect Chain
  • https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=0&gdpr_consent=
  • https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=8F824F89-013C-46A9-87E2-69523480120E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=79a878e0-1f8a-447f-bc90-0ded5b1389f8
43 B
294 B
Image
General
Full URL
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=8F824F89-013C-46A9-87E2-69523480120E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=79a878e0-1f8a-447f-bc90-0ded5b1389f8
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
3.229.9.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-9-249.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

p3p
CP="NOI OUR BUS UNI COM NAV"
date
Sat, 15 Apr 2023 00:36:10 GMT
content-length
43
content-type
image/gif

Redirect headers

location
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=8F824F89-013C-46A9-87E2-69523480120E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=79a878e0-1f8a-447f-bc90-0ded5b1389f8
date
Sat, 15 Apr 2023 00:36:10 GMT
content-type
text/html; charset=utf-8
content-length
211
p3p
CP="NOI OUR BUS UNI COM NAV"
Pug
image2.pubmatic.com/AdServer/ Frame C7A1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEY4MjRGODktMDEzQy00NkE5LTg3RTItNjk1MjM0ODAxMjBF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
95 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame C7A1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPT30VTqeIxYobAh8GyettA&google_cver=1
42 B
296 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPT30VTqeIxYobAh8GyettA&google_cver=1
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEPT30VTqeIxYobAh8GyettA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame C7A1
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E413E3FEFADF4A0294187682FE2624B3
42 B
438 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E413E3FEFADF4A0294187682FE2624B3
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E413E3FEFADF4A0294187682FE2624B3
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Fri, 14 Apr 2023 00:36:10 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame C7A1
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3892945779723086819&gdpr=0&gdpr_consent=&us_privacy=
1 B
275 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3892945779723086819&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3892945779723086819&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame C7A1
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
42 B
509 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c3db27b5-56e8-4f77-8870-8d51c49d4722&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
355
SPug
image4.pubmatic.com/AdServer/ Frame C7A1
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=8F824F89-013C-46A9-87E2-69523480120E&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-MFedkXZE2uWeas7r2vy0qmwBo7bypSQ-~A&gdpr=0
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-MFedkXZE2uWeas7r2vy0qmwBo7bypSQ-~A&gdpr=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-MFedkXZE2uWeas7r2vy0qmwBo7bypSQ-~A&gdpr=0
date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
8F824F89-013C-46A9-87E2-69523480120E
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame C7A1
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/8F824F89-013C-46A9-87E2-69523480120E?gdpr=0&gdpr_consent=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/amzns2s?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dgg.com%26id%3D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a02:9485:f56c:9e9b:dee5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
csi
csi.gstatic.com/ Frame 8D63
0
54 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lgh8z9k1&chm=1&c=4164485387214954&ctx=2&qqid=CKmn7qbSqv4CFcL8swodZzUMfA&met.4=fb.9q~lb.bn~ol.fh~idt.1ko~dt.-e5&met.3=733.c0~748.d1~749.d3~742.bz_1c~739.db~736.dr~735.f3_2~738.ff~740.fm_1~113.ku_b~112.kt_c&met.1=1.lgh8z8z8~14.7~15.0~16.7~17.7~18.7~19.7~20.7~21.7~22.as~23.as&met.7=CBwQChgBICgoKDCNAThlaClwjAF4tR2AAYkbiAGRPbABAbgBAw~CBcQBhgBICooKjCxATiIAWgscFl4o6gGgAH3pQaIAfelBrABAbgBAw~CAkQChgBICooKjCZAThwaCxwiwF44EaAAbREiAGSrwGwAQG4AQM~CB4QChgBICooKjBYOC5oLHBXeIAMgAHUCYgBgRWwAQG4AQM~CE0QChgBICooKjCiAjj4AUArSDhQOFiaAWBjaJsBcOcBeLWHA4ABiYUDiAGZ9wmwAQG4AQM~CCIQBBgBIOQCKOQCMK4DOEto5AJwrQN4rAKwAQG4AQM~CCIQBBgBINoDKNoDMKcEOE1o2wNwpgR4rAKwAQG4AQM~CCgQChgBILsEKLsEMIIFOEdovwRw_wR4hb0BgAHZugGIAYv1A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:10 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame E3CA
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?AZweMw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:10 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304130101&jk=4164485387214954&bg=!QkGlQRXNAAZA7GLoYOw7ADkAdvg8WpLrOnoATEICFx-6dy74YZHOtMVXaUu1oGwKaLYycNGZEASVb3TIc8KcmcB62u9rC34EmEwCAAACqlIAAAADaAEHCgAoySDnMJkg9AtYW2JQzWuRxMgSfo2by0grMTUuCF5Cz3U7PuGVcF0nL5kCzJFsSyq_y6ZVGD8Bm2wrJVUYjOT2Ji9avAxXaefmdRzQCkqJCJluxUluRbD2O60kF13RAL6ACs3vK7FKTczrmiu3aHYaRNVYk6L6FkxRyEJIj6juKpOTNSL5_VnfulvqadfQgCAyX-clB-0fbIXPKCtg1cxX95jnXQMG46LQjuci-aYHwkOlK58kV1ai9LHHgIbQPhshOJAQNybkG9hdoyff6gE1ah1drVhgJHaW8HlSeyPWEEOBqIfVoFW1B1tIXzGm7U2iWFrzcF_JCA-EZK4i3LNYO78tjRjrsKfvyAH1bYfof2G0WKG9h53az3leOBMd2miwjSna6Rt6htsj-InyqevH8dZKMFPSZx8cTSvV4c42PEganoAkf_bhg_RtCZhJwO7r6qQa0i_OEFpCbrJmSZAyaib2IrFa2FsBf0XjzE1vF9sGw_iQFc07RqKiCQBWwUskpR2hyXQxhzaYCCfUe9P5cYCrOIFVR0KY6H_HU-Eew_FmtVO_gNj1bkG3zfZ4mmXubXIK28PqYSG3vCVHpWtwDepp9ka-t5Ndk_U_pmUtyb9NBQavfbGNOoAf6pCNkrqSQ4JZ6PgLvj5QGEPp1E0z4B0DwPVY_twoBOftMrd2L7_15BQwsgyhO_YCODVrRLhRtR6cNV4sfX-wUGOAZPik3JkMhfPo6R3Ylrou3vfGOLtYCsM0Oo58RdGbIMz7P_J0-u7Jt06N2001Q3FThmO_EMVxDG9egJDlSS0to3ssvbS38issu9b1DbWA3wrgnw_aF_uKFpIuiHJwZ7xKMQ6ICSkExPyfHPijsOTxb8-ynimVr1MS0HoeErQxel0Ez_P4b93k0hZEhO6zJyQr8a7K0bAIc832TfDWMLPnQInI39PfawmDTXcvM-CeqP4NFnhOLwKqBRh1aNpLPQmUiU7U-nnNxyfX9-v38eVTTZCE4xZO2cFj-fYV
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

prebid
id5-sync.com/api/config/
136 B
549 B
XHR
General
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.118 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
2aa25a19729df7b573f42c20a108d4ec213403df5ac193414f02f35887e7017c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:12 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
rid
match.adsrvr.org/track/
108 B
743 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=2jqw284&fmt=json
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
5f9b744d2dc9a18a04ea686ea8f8b63f5b121393c65e4a75f724b77ec571c9d7

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:12 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
108
expires
Mon, 15 May 2023 00:36:12 GMT
10.gif
id5-sync.com/c/434/2/0/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4ba74d4dae&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=c3db27b5-56e8-4f77-8870-8d51c49d4722&pubid=4ba74d4dae
  • https://id5-sync.com/s/434/9.gif?puid=c29ca13d-d74d-4d59-acbc-c85b804834fd&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F108%2F8%2F2.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/434/108/8/2.gif?puid=f85c13a3-d03c-4262-bbee-6b71616ec533&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy=
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAEQok7Ic-MAACA7U7DXIQ
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/6/4.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/434/2/6/4.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F5%2F5.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/434/3/5/5.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F434%2F124%2F4%2F6.gif%3Fpuid%3D...
  • https://id5-sync.com/cq/434/124/4/6.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F796%2F3%2F7.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent...
  • https://id5-sync.com/c/434/796/3/7.gif?puid=3394644c-f63c-4f49-a881-64a342a59cec&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F2%2F8.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/434/3/2/8.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F203%2F1%2F9.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/434/203/1/9.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/0/10.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/434/2/0/10.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
43 B
2 KB
Image
General
Full URL
https://id5-sync.com/c/434/2/0/10.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
162.19.138.118 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Sat, 15 Apr 2023 00:36:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
p3p
CP="CAO PSA OUR"

Redirect headers

Date
Sat, 15 Apr 2023 00:36:14 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
54189011-5ccb-4d10-b062-a430869bff70
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://id5-sync.com/c/434/2/0/10.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://id5-sync.com/s/441/9.gif?puid=u_bfaec167-56bd-4884-992b-2080aacefc6a&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F108%2F8%2F2.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/441/108/8/2.gif?puid=f85c13a3-d03c-4262-bbee-6b71616ec533&gdpr=0&gdpr_consent=
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F429%2F7%2F3.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0
  • https://id5-sync.com/c/441/429/7/3.gif?puid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=0&gdpr_consent=
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F6%2F4.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/441/203/6/4.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F5%2F5.gif%3Fpuid%3D...
  • https://id5-sync.com/cq/441/124/5/5.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1245%2F4%2F6.gif%3Fpuid%3D%5BSOVRNID%5D%...
  • https://id5-sync.com/c/441/1245/4/6.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F3%2F7.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/441/3/3/7.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F2%2F8.gif%3Fpuid%3D...
  • https://id5-sync.com/cq/441/124/2/8.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=92&3pid=4326297819836415887&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1246%2F1%2F9.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr...
  • https://id5-sync.com/c/441/1246/1/9.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=i5mm&nuid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&consent=&id5id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg
49 B
869 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=i5mm&nuid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&consent=&id5id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg
Protocol
HTTP/1.1
Server
69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:14 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-123
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://sync.go.sonobi.com/us.gif?nw=i5mm&nuid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&consent=&id5id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg
date
Sat, 15 Apr 2023 00:36:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
p3p
CP="CAO PSA OUR"
cksync.php
cs.media.net/
60 B
426 B
Image
General
Full URL
https://cs.media.net/cksync.php?cs=8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
96.16.24.29 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-24-29.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0c34dc4de2a524e93b1315788f03ba101b99e22ff50082945e84a00368d73e16

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
60
x-mnet-hl2
E
Expires
Sat, 15 Apr 2023 00:36:12 GMT
10.gif
id5-sync.com/c/441/203/0/
Redirect Chain
  • https://id5-sync.com/s/441/9.gif?puid=u_31e42b89-13e1-47e8-9b7e-a077b1bf5178&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy=
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAEQok7Ic-MAACA7U7DXIQ
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F108%2F7%2F3.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/441/108/7/3.gif?puid=f85c13a3-d03c-4262-bbee-6b71616ec533&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/id5?us_privacy=
  • https://id5-sync.com/k/155.gif?id5AccountNum=155&numCascadesAllowed=9&puid=AAEQok7Ic-MAACA7U7DXIQ
  • https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1241%2F5%2F5.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/441/1241/5/5.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=c3db27b5-56e8-4f77-8870-8d51c49d4722&ttl=%%TTL%%
  • https://ce.lijit.com/merge?pid=58&3pid=8F824F89-013C-46A9-87E2-69523480120E&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1242%2F3%2F7.gif%3Fpuid%3D%5BSOVRNID%5D%...
  • https://id5-sync.com/c/441/1242/3/7.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F796%2F2%2F8.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent...
  • https://id5-sync.com/c/441/796/2/8.gif?puid=3394644c-f63c-4f49-a881-64a342a59cec&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1245%2F1%2F9.gif%3Fpuid%3D%5BSOVRNID%5D%...
  • https://id5-sync.com/c/441/1245/1/9.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F0%2F10.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/441/203/0/10.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
43 B
2 KB
Image
General
Full URL
https://id5-sync.com/c/441/203/0/10.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
162.19.138.118 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Sat, 15 Apr 2023 00:36:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
p3p
CP="CAO PSA OUR"

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:13 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://id5-sync.com/c/441/203/0/10.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
679174
content-length
0
expires
Sat, 15 Apr 2023 00:00:00 GMT
cksync.php
cs.media.net/
Redirect Chain
  • https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovsid%3D%24UID
  • https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=598ec4fe622115c1&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Dcon%26ovs...
  • https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAABsuCE2nN6eANo4SSKAAAAAAA&expiration=1681605372&is_secure=true
61 B
651 B
Image
General
Full URL
https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAABsuCE2nN6eANo4SSKAAAAAAA&expiration=1681605372&is_secure=true
Protocol
HTTP/1.1
Server
96.16.24.29 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-24-29.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
61
x-mnet-hl2
E
Expires
Sat, 15 Apr 2023 00:36:12 GMT

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:12 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://cs.media.net/cksync.php?cs=8&type=con&ovsid=AAABsuCE2nN6eANo4SSKAAAAAAA&expiration=1681605372&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
magnite
prebid.a-mo.net/setuid/
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://prebid.a-mo.net/setuid/magnite?uid=LGH8Z875-S-H54N&gdpr=0&us_privacy=1---
0
127 B
Image
General
Full URL
https://prebid.a-mo.net/setuid/magnite?uid=LGH8Z875-S-H54N&gdpr=0&us_privacy=1---
Protocol
H2
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:12 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
2
server
envoy
vary
Accept-Encoding

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://prebid.a-mo.net/setuid/magnite?uid=LGH8Z875-S-H54N&gdpr=0&us_privacy=1---
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
314e432eb2d967cf733b82bdbbe35231
Expires
0
cksync.php
cs.media.net/
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
  • https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=A4LNeo8n1PNtTK5
61 B
639 B
Image
General
Full URL
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=A4LNeo8n1PNtTK5
Protocol
HTTP/1.1
Server
96.16.24.29 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-24-29.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
61
x-mnet-hl2
E
Expires
Sat, 15 Apr 2023 00:36:12 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-0a7402e4d3ecb2a52@us-east-1d@dxedge-app-us-east-1-prod-asg
Location
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=A4LNeo8n1PNtTK5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=${GDPR_CONSENT}&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26e...
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=${GDPR_CONSENT}&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dmedianet%26e...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=a0cabee8-d195-5369-9359-3892f760c9ef&ssp=medianet&expires=30&user_group=1&gdpr=&gdpr_consent=
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=&gdpr_consent=&gdpr_pd=
61 B
481 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=&gdpr_consent=&gdpr_pd=
Protocol
H2
Server
173.223.56.26 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-56-26.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 15 Apr 2023 00:36:14 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
61
x-mnet-hl2
E
expires
Sat, 15 Apr 2023 00:36:14 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=&gdpr_consent=&gdpr_pd=
Date
Sat, 15 Apr 2023 00:36:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
setuid
prebid.a-mo.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=adaptmx&user_id=bd85c437-a6f4-40c1-8b27-035d9bfe8556&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://dis.criteo.com/dis/usersync.aspx?r=25&p=52&dis=0&gdpr=0&gdpr_consent=&url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D462%26ssp%3Dadaptmx%26user_id%3D%40%40CRITEO_USERID%40%40
  • https://x.bidswitch.net/sync?dsp_id=462&ssp=adaptmx&user_id=k-qkcHUnyak9dRy9mq47GWLlRcOAXgiH-TMmSung&gdpr=0&gdpr_consent=
  • https://prebid.a-mo.net/setuid?bidder=bid_switch&uid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
0
113 B
Image
General
Full URL
https://prebid.a-mo.net/setuid?bidder=bid_switch&uid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Protocol
H2
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:12 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
vary
Accept-Encoding

Redirect headers

Location
//prebid.a-mo.net/setuid?bidder=bid_switch&uid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Date
Sat, 15 Apr 2023 00:36:12 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=226&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=fc762fa7-e685-4638-884d-0d61ea481235
61 B
632 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=fc762fa7-e685-4638-884d-0d61ea481235
Protocol
H2
Server
173.223.56.26 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-223-56-26.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 15 Apr 2023 00:36:13 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
61
x-mnet-hl2
E
expires
Sat, 15 Apr 2023 00:36:13 GMT

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:11 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=fc762fa7-e685-4638-884d-0d61ea481235
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1930885
content-length
0
expires
Sat, 15 Apr 2023 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=585f6439-f17a-4c00-b1f6-f95423933410
49 B
953 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=585f6439-f17a-4c00-b1f6-f95423933410
Protocol
HTTP/1.1
Server
69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-181
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
MT3 796 58fb543 master iad-pixel-x9 config_version:"unknown"
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=585f6439-f17a-4c00-b1f6-f95423933410
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 15 Apr 2023 00:36:11 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=c29ca13d-d74d-4d59-acbc-c85b804834fd&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=dWFUT3puOGJucGNKdVI2OUFibldiZw&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESECWwuiuILUdaNLQDZq3MPQ4&google_cver=1
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=rtQ4O1zP1BMH
49 B
929 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=rtQ4O1zP1BMH
Protocol
HTTP/1.1
Server
69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-123
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-US
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=rtQ4O1zP1BMH
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6995c68ccb-mlbl5
expires
-1
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1783777320848376423
49 B
936 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1783777320848376423
Protocol
HTTP/1.1
Server
69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:13 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-123
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1783777320848376423
Date
Sat, 15 Apr 2023 00:36:13 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ImgSync
image8.pubmatic.com/AdServer/
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156972
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=-1&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=4b2ed882f25b04bf&is_secure=true&networkId=17100&version=1&nuid=8F824F89-013C-46A9-87E2-69523480120E&gdpr=-1&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAABr635SA3EYwN-0pnZAAAAAAA&expiration=1681605373&nuid=8F824F89-013C-46A9-87E2-69523480120E&...
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=7b99a14f-d3e9-4b21-bd4c-cbb2e5d60bda&user_group=1&ssp=pubmatic&bsw_param=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=&gdpr_consent=&gdpr_pd=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
157 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol
H2
Server
162.248.18.32 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:13 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Sat, 15 Apr 2023 00:36:14 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
ads.yieldmo.com/v000/
Redirect Chain
  • https://ads.yieldmo.com/pbcas?us_privacy=&gdpr=0&gdpr_consent=&type=image
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo_dbm&google_cm&pn_id=c
  • https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESELkFt03g8bcCrOTbN2XTowI&google_cver=1
43 B
915 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESELkFt03g8bcCrOTbN2XTowI&google_cver=1
Protocol
H2
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:12 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:12 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESELkFt03g8bcCrOTbN2XTowI&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
299
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
yahoo
prebid.a-mo.net/setuid/
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58570/occ?gdpr=0&gdpr_consent=&uid=bd85c437-a6f4-40c1-8b27-035d9bfe8556
  • https://prebid.a-mo.net/setuid/yahoo?uid=y-To9e04pE2uGETFg5vGdWd10FX4TUefmuKEbEnkA-~A&gdpr=0
0
135 B
Image
General
Full URL
https://prebid.a-mo.net/setuid/yahoo?uid=y-To9e04pE2uGETFg5vGdWd10FX4TUefmuKEbEnkA-~A&gdpr=0
Protocol
H2
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:11 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
vary
Accept-Encoding

Redirect headers

location
https://prebid.a-mo.net/setuid/yahoo?uid=y-To9e04pE2uGETFg5vGdWd10FX4TUefmuKEbEnkA-~A&gdpr=0
date
Sat, 15 Apr 2023 00:36:12 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
ap.lijit.com/
Redirect Chain
  • https://prebid.a-mo.net/cchain?cb=https%3A%2F%2Fib.adnxs.com%2Fprebid%2Fsetuid%3Fbidder%3Damx%26uid%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%2F485%3Fgdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26A%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556%26bidder%3Dappnexus%26cbx%3D...
  • https://prebid.a-mo.net/cchain/1/485?gdpr=0&gdpr_consent=&us_privacy=1---&A=bd85c437-a6f4-40c1-8b27-035d9bfe8556&bidder=appnexus&cbx=aHR0cHM6Ly9pYi5hZG54cy5jb20vcHJlYmlkL3NldHVpZD9iaWRkZXI9YW14JnVp...
  • https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%2F485%3Fgdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26A%3Dbd85c437-a6f4-40c1-8b27...
0
277 B
Image
General
Full URL
https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%2F485%3Fgdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26A%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9pYi5hZG54cy5jb20vcHJlYmlkL3NldHVpZD9iaWRkZXI9YW14JnVpZD1iZDg1YzQzNy1hNmY0LTQwYzEtOGIyNy0wMzVkOWJmZTg1NTY%253D%26uid%3D%24UID
Protocol
HTTP/1.1
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sat, 15 Apr 2023 00:36:12 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT

Redirect headers

location
https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%2F485%3Fgdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26A%3Dbd85c437-a6f4-40c1-8b27-035d9bfe8556%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9pYi5hZG54cy5jb20vcHJlYmlkL3NldHVpZD9iaWRkZXI9YW14JnVpZD1iZDg1YzQzNy1hNmY0LTQwYzEtOGIyNy0wMzVkOWJmZTg1NTY%253D%26uid%3D%24UID
date
Sat, 15 Apr 2023 00:36:12 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
3
server
envoy
content-length
0
pbusermatch
dsum.casalemedia.com/
0
0

us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&google_hm=MjBiNGFlNmMtZTM5ZS00YThhLWJhNzYtNTNkMWU5ZThkYjc4
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESECXb37sp-0AVmYy2Vo_0OLk&google_cver=1&ssp=sonobi&bsw_param=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
49 B
865 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
Protocol
HTTP/1.1
Server
69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:12 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-123
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78
Date
Sat, 15 Apr 2023 00:36:12 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cookie
sync.cootlogix.com/api/
Redirect Chain
  • https://sync.cootlogix.com/api/sync/image/?cid=&gdpr=0&gdpr_consent=&us_privacy=
  • https://match.sharethrough.com/universal/v1?supply_id=TAEWcTBw&gdpr=0&gdpr_consent=
  • https://sync.cootlogix.com/api/cookie?partnerId=sharthrough&userId=4d469659-77ed-4500-87c8-97853d0c70f4&gdpr=0
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.cootlogix.com%2Fapi%2Fcookie%3FpartnerId%3Dsonobi%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26userId%3D%5BUID%5D
  • https://sync.cootlogix.com/api/cookie?partnerId=sonobi&gdpr=0&gdpr_consent=&us_privacy=&userId=c29ca13d-d74d-4d59-acbc-c85b804834fd
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsync.cootlogix.com%2Fapi%2Fcookie%3FpartnerId%3Dsovrn%26userId%3D%24UID%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D
  • https://sync.cootlogix.com/api/cookie?partnerId=sovrn&userId=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fsync.cootlogix.com%2Fapi%2Fcookie%3FpartnerId%3Dgrid%26userId%3D%24%7BBSW_UUID%7D%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D?gdpr=0&gdpr_consent=&...
  • https://sync.cootlogix.com/api/cookie?partnerId=grid&userId=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
43 B
755 B
Image
General
Full URL
https://sync.cootlogix.com/api/cookie?partnerId=grid&userId=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Protocol
H2
Server
137.184.100.7 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:14 GMT
access-control-allow-methods
GET, HEAD, OPTIONS, POST
content-type
image/avif
access-control-allow-origin
*
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
43

Redirect headers

Location
https://sync.cootlogix.com/api/cookie?partnerId=grid&userId=20b4ae6c-e39e-4a8a-ba76-53d1e9e8db78&gdpr=0&gdpr_consent=&us_privacy=
Date
Sat, 15 Apr 2023 00:36:14 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
10.gif
id5-sync.com/c/441/3/0/
Redirect Chain
  • https://id5-sync.com/s/441/9.gif?puid=u_d571e078-5c5d-44c7-96c4-ccac2d6849b7&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/441/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/441/2/8/2.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/441/3/7/3.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=id5&cspid=18&cb=&redirect=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F796%2F6%2F4.gif%3Fpuid%3D%24%7BADELPHIC_CUID%7D%26gdpr%3D0%26gdpr_consent...
  • https://id5-sync.com/c/441/796/6/4.gif?puid=3394644c-f63c-4f49-a881-64a342a59cec&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AAEQok7Ic-MAACA7U7DXIQ&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1241%2F5%2F5.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/441/1241/5/5.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F4%2F6.gif%3Fpuid%3D...
  • https://id5-sync.com/cq/441/124/4/6.gif?puid=3bc9e70f-627e-432f-955b-98181c181322&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=27&3pid=c3db27b5-56e8-4f77-8870-8d51c49d4722&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F1245%2F3%2F7.gif%3Fpuid%3D%5BSOVRNID%5D%...
  • https://id5-sync.com/c/441/1245/3/7.gif?puid=Ge2kaBZHe8r7r3dFQnWEe86B&gdpr=0&gdpr_consent=
  • https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F2%2F8.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/441/203/2/8.gif?puid=fc762fa7-e685-4638-884d-0d61ea481235&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/441/2/1/9.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/441/2/1/9.gif?puid=4326297819836415887&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-8358SNJXZPHlvUxz42td50BOah3u7pgJN_GA3YCUKg&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F0%2F10.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26...
  • https://id5-sync.com/c/441/3/0/10.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
43 B
2 KB
Image
General
Full URL
https://id5-sync.com/c/441/3/0/10.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
162.19.138.118 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Sat, 15 Apr 2023 00:36:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
p3p
CP="CAO PSA OUR"

Redirect headers

Date
Sat, 15 Apr 2023 00:36:14 GMT
Server
MT3 796 58fb543 master iad-pixel-x28 config_version:"unknown"
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://id5-sync.com/c/441/3/0/10.gif?puid=585f6439-f17a-4c00-b1f6-f95423933410&gdpr=0&gdpr_consent=
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 15 Apr 2023 00:36:13 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame C7A1
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:11 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
v1
lb.eu-1-id5-sync.com/lb/
33 B
406 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
fb498b3a71cd40739119ca50ed11128fdb9390c25b2f3dad681d0346eb30cdb5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:12 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
1013.json
id5-sync.com/g/v2/
569 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/1013.json
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.118 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
226c2cd36a96900bd6ee442b6630ec391f2faf86f2b3955e4ea5e11e5e89cc93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
truncated
/
344 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f0e896a7089d518e75c207fb23eb3af295005b900d2ad7ee86e898afa6b3739

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
193 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8c134b6c96ca6883691740e36707f618f023c0ca7db994d86ecd3be5c2e0521

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
191 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
97db276c5f25880d98b97bbdf7cb8aa565a17fd09613843cb694b7936b121e82

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
140 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
19d82aec54ab06c4893a34f98b72e2ab01babae1056a9bc5b103eb7303613f33

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
26 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d860723b3ff6030d220876c230d0ee578d31c80ca03a90c78c44126c422c42d7

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
26 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dbc2930cb35eff36dc7f7b28bb33eedb59fcb304bcf621f86592b5ecaa4268f4

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
148 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5caceb91a5c3157b7ce6b8efd3681c2985217520f475dcd5b029145664b0d4df

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
194 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c60ae505bc4742036b9e219b6d878d7e50cf4754ea56346e39f19f3f413b4889

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
54.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/465/public/assets/js/567/
10 KB
3 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/465/public/assets/js/567/54.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b931ebe83dfbafe0461c6f41e3b0812baf1072238bc22d5ff8a88c3ac6c76f7a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39970
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-27ce"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFxx6sFwHPCBC8MriW6PoIwZxcLUvNkV9JLlMte40qulQrZ3uB6aPxcKK8nDMPwvg0pVwyU7nbT1tlGDvigUiF835k%2FD6nwMEEJ8boy6ef8aY1SHjIjx8ZopSKUopyBWiMOP2UIYgkeN4rd0GprRgQc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801d08cf71011d-ORD
expires
Sat, 13 Apr 2024 10:03:51 GMT
truncated
/
97 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54049ed31cddfc0fe34e9b14306d73a17100f2307fe88272ba2ec3f98be345cf

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
554.js
www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/465/public/assets/js/567/
4 KB
2 KB
Script
General
Full URL
https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/465/public/assets/js/567/554.js?ver=1681466606
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dceb0e6e7212e955a13b2a5b830dcf64211c819e4ef0dab36fdfc097081865d5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39970
content-encoding
br
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
last-modified
Fri, 14 Apr 2023 10:03:26 GMT
server
cloudflare
etag
W/"643924ee-102a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFR67AkvEJmeiFoBl0tk8CBxxHpv7oHYmyLdHWwn1vPiv%2FJYMD8TlbFwxHaxKec9Flw9livk1W6dd07pXRS5MJE%2FHDKFtkaeI1zJ2VbXGxtCUknf8vc8P95fEIMMgVCQqhICbuSGA2WdoCbGVo0XXTg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
7b801d08cf76011d-ORD
expires
Sat, 13 Apr 2024 10:03:51 GMT
truncated
/
242 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9e82a31a228f0f3e6b81e21297599c4bf47afa197a373e6da88a441d2067e8a0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
241 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2af478968cfdba350d71cea6da37a73a0105a5b34eefb670d31b68e76233e051

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
16 KB
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b9300c55f12e7f8def6ef28002f820dce1579b90b4e7ec5b9b7582ea7f13371e

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
truncated
/
307 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c917dcfe706640daf3c2d180418829991cf8392a0ddcb996e1114703f2b04654

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
text/javascript
js
www.googletagmanager.com/gtag/
112 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-97159346-1
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/333.js?ver=1681466606
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2008 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a855a4ac0a2a8d534cb34ff2bed5314d9a72bed53c97b18099820af1fc5323f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44619
x-xss-protection
0
last-modified
Sat, 15 Apr 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 15 Apr 2023 00:36:17 GMT
ajax-handler.php
www.cpomagazine.com/wp-content/
2 B
614 B
XHR
General
Full URL
https://www.cpomagazine.com/wp-content/ajax-handler.php
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/465/public/assets/js/567/54.js?ver=1681466606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://pagead2.googlesyndication.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
content-security-policy
frame-ancestors 'self' https://pagead2.googlesyndication.com
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
br
x-proxy-cache-info
DT:1
x-httpd-modphp
1
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26X22aAU%2BqDEMlT0kGR%2BvUws7dZFvEEMShZ6n7w7EMiiJulmq0Q%2B1fte6omn4cPn3JspM45eYxgftgiRvDDr6%2BuBXQ2E%2Bhw8%2BZW2QqJigZLzj3bevksCyxwEgqMPZZmaGI9MGn%2B51sfHlYEftMBjByg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0, smax-age=0
x-robots-tag
noindex
cf-ray
7b801d098879011d-ORD
expires
Sat, 26 Jul 1997 05:00:00 GMT
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:17 GMT
server
ATS/9.1.10.25
bid
aax.amazon-adsystem.com/e/dtb/
641 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=1&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-65806505-47e9-4bd2-bf30-5646a94827d9-ad%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
cf1f8319ca782b440884e208138f7ead21a63f78e5fed43638f3e0104a8e1685
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
W9R05JBB13SRFQM097CE
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
641
x-amz-cf-id
IQXLKhYM_KGY9Q-4qS2dZ1xvbqow4r4000dcWGgK4RckrH22ansSTQ==
dcmads.js
www.googletagservices.com/dcm/
16 KB
7 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/333.js?ver=1681466606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:10:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6883
x-xss-protection
0
last-modified
Wed, 15 Feb 2023 19:52:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sat, 15 Apr 2023 01:10:42 GMT
collect
www.google-analytics.com/
35 B
132 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j99&aip=1&a=882669968&t=pageview&_s=2&dl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ul=en-us&de=UTF-8&dt=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACUABBAAAACAAI~&jid=&gjid=&cid=557382840.1681518967&tid=UA-97159346-1&_gid=1576265047.1681518967&gtm=457e34c0&did=dZTNiMT&gdid=dZTNiMT&jsscut=1&z=1425237074
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Apr 2023 20:31:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14704
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
Frame-40017_728x90.png
www.cpomagazine.com/wp-content/uploads/2023/01/
21 KB
21 KB
Image
General
Full URL
https://www.cpomagazine.com/wp-content/uploads/2023/01/Frame-40017_728x90.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:be7c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d82902c9ad1d86f5119662f0e507926c6a12ef1c4ba4eb83b886ce8cd0460d4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
453545
x-proxy-cache-info
DT:1
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
21542
last-modified
Mon, 27 Mar 2023 04:29:12 GMT
server
cloudflare
etag
"64211b98-5426"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0bSwJ1JtMDzusHrmGiOt2YrHoRU7mp5GaU3i0YtH9ucMMOaJAwxjgxQE0EldnMafdm90mW%2BEn1FC%2FGzS5vAP8i37H7NKf%2BMKEop%2FIBgniZLsInch4e1f0UggaFLUQfFz02GtdJ%2BK967FJ1F6Sy8ZUVo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
7b801d0bcbaa011d-ORD
expires
Tue, 26 Mar 2024 05:02:15 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=65806505-47e9-4bd2-bf30-5646a94827d9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342652
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518977880&to=0&aun=mmt-65806505-47e9-4bd2-bf30-5646a94827d9-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A%23repeatable-1&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=250&si=222946&pi=3&bf=300x250&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C6dfc5195-44c0-48b7-9786-74e7f1c222b9%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
94ab74a6aa8a5a9884c210c3b27563475238da4f46cc3132368222e0dd33a46b

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:17 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
bidRequest
c2shb.pubgw.yahoo.com/
66 B
310 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
2bade56a7ffba357a889833a2ee130dba8ed6f3ac07ccb69306a7f0713902e75

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:17 GMT
AN-X-Request-Uuid
bfcc8d47-8a6e-4c3f-9d6c-970ac78cda61
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v2
e.serverbid.com/api/
16 B
225 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
trinity.json
apex.go.sonobi.com/
861 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2257b2fcc07f7bc2b%22%3A%22dcc4cd9596e80d497120%7C300x250%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A%23repeatable-1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=edf818c5-4f70-499c-ab30-1b04e280c855&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22e2c657d8-6cd4-49b2-858f-a90b4ba37720%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%
22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
7d10f96baf70d96b77e853a5c843c6e010f6f51a13d5cbcb5531f37ee6e11033
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
479
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/
24 B
2 KB
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
4a8ed15fc730af0dc9bfa83e01c77cb09b690ddba25bb5dc5617e871196a7573

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:17 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
v1
hb-api.omnitagjs.com/hb-api/prebid/
180 B
340 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
5d80c98fb61975af43d63cdd0fa46018b43d1280a5a6d346009a4753aecc2483
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
16
content-length
180
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
502 B
559 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&p_pos=btf&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,e2c657d8-6cd4-49b2-858f-a90b4ba37720,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A%23repeatable-1&tk_flint=pbjs_lite_v7.34.0&x_source.tid=99972627-dcc6-43ba-bef7-7a0a15a939a5&l_pb_bid_id=63679ab30382ffa&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A%23repeatable-1&slots=1&rand=0.3145657473830614
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
fb3988b6fa5f64ea8de4cb6b8309d5b826685f81690a8c1f5a51366fe754dfb0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
502
expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
btlr.sharethrough.com/universal/
795 B
957 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ff89ded434e81949bb71cbfe7f2e1a1f479ce0ca499858ebfb43b4cf4e4f0ac

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
437
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-65806505-47e9-4bd2-bf30-5646a94827d9-ad%22%2C%22callback_id%22%3A%22670154a10c97bb5%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A%23repeatable-1%22%2C%22tid%22%3A%2299972627-dcc6-43ba-bef7-7a0a15a939a5%22%2C%22auctionId%22%3A%225155f40a-e50e-4c1d-a634-36a96d38942e%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518977892&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22e2c657d8-6cd4-49b2-858f-a90b4ba37720%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
pbjs
htlb.casalemedia.com/openrtb/
37 B
332 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee88d7fe4fec2ac82a04b20b5b0d2ae70b6184b0a588e3cf2c2bcf661b3378fb

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:17 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5HfbL1p6HVqoymPIl%2FdmZ3omZFZ0Ou9jQou6F9vnXzrQiQ2v3cNPjB%2BakR5kcwoQr1PwRQ61T5YTx%2F5ea6jzo4ChiiKLvVgyJCPm%2Bq8FrEbNlg0wL5sia7A6thnhPpGLUrTvdmTp"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d0c0ce7232d-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:17 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
c
prebid.a-mo.net/a/
245 B
381 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
acce299f5a2d2f91fab07ad234ddecd80ec3fa800bd207720c44102f4e0f379e

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:17 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
prebid
prebid.media.net/rtb/
651 B
501 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5edf87d91ac7f84f7107140caf7c3c3d2441106fe490bcdb81d60c16be69f88a

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:17 GMT
impl_v95.js
www.googletagservices.com/dcm/
60 KB
23 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/impl_v95.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/333.js?ver=1681466606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Mon, 10 Apr 2023 21:12:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
357804
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23368
x-xss-protection
0
last-modified
Mon, 13 Feb 2023 18:47:20 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 09 Apr 2024 21:12:53 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
137 KB
47 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1360089709940309
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/333.js?ver=1681466606
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0d7e992398c5583785f67d5d8c6fc73e5db747036eaca729d2fb790e2d98de2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47833
x-xss-protection
0
server
cafe
etag
7918059250690622291
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:18 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304100101/
345 KB
115 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304100101/show_ads_impl_fy2021.js?bust=31073762
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1360089709940309
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4392c1b8a6c7c523e0d7d31b05e805b2e5540c266d87933179337f3d9d74fae4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
118211
x-xss-protection
0
server
cafe
etag
6093561205005857777
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:18 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/ Frame 05BD
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1360089709940309
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
20700
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4549
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 14 Apr 2023 18:51:18 GMT
etag
2378337311435320485
expires
Fri, 28 Apr 2023 18:51:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
137 KB
47 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1360089709940309
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/wp-content/cache/min/1/wp-content/uploads/383/14/assets/js/333.js?ver=1681466606
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
301600537083f6a2fe757fd25d475ca1e6ea804bf7fa0e488b6243e838841f4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.cpomagazine.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47803
x-xss-protection
0
server
cafe
etag
7693137078126267358
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:18 GMT
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
53 KB
20 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=1272395062155654&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDI.A&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=4&adks=2136502717&sfv=1-0-40&prev_scp=pos%3D1%26monu%3D300x250_B1%26amznbid%3Dtjjmkg%26amznp%3D1v2ipkw%26amzniid%3DJI0tw0Zg4ekWp4TEeEAa664AAAGHgldkPAEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICDPLb7C%26amznsz%3D300x250%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dnone%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518978292&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=685&adys=1040&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20871
x-xss-protection
0
google-lineitem-id
6249261992
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138425997588
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
bid
aax.amazon-adsystem.com/e/dtb/
641 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=2&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-7c484d7b-0e27-4bec-ab1d-5681e5c25576-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
0c5ba36d17dbb2d161ba94d7a42ddb19d35e24655843780991d300a54ff3747b
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
C3CBHPRPDWT5ASS5VK1N
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
641
x-amz-cf-id
1bANm-o5vcqpMSs6HNjjwJghj31MhFBcsdEqqVL4DX2-UbgsHYDGcg==
bid
aax.amazon-adsystem.com/e/dtb/
656 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=3&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-a3351054-7e69-4664-86d7-41f1c0f3fe7e-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
bce9806f44de9d2a512a3719e0c9a106152572b0f0279c18012e7a892cd9dd2e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
XWRJ3SKDA5Z6AQ24TDFC
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
656
x-amz-cf-id
XGVav4yyfD0tcfzBjB5SKOlzojdofls8dIqIeVuDBcnKY-ROzGqNww==
bid
aax.amazon-adsystem.com/e/dtb/
641 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=4&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-67263a0a-e2a0-4b54-bd61-25366a6be707-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
c08054f7a3393693e60258290e3e05d4de664645aeba9f244b00d481e7226b64
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
K1C0AGZZDZNQKCMRK860
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
641
x-amz-cf-id
VWFL_RfuBRR0-I7D1MDU3CZ-33U2N7WvIscLarm1MZ3_pKdou9HkQw==
bid
aax.amazon-adsystem.com/e/dtb/
641 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=5&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-b215f622-e4af-4875-9585-d49470e16318-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
b5d339cba7b482551ccc788baf8ce101cfca018747f89bfd4483c110cd1f038e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
4WAGXKF3F2SMETSKZK9B
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
641
x-amz-cf-id
8NjPc3qEwIWXzCjhRKmZoeJ5V6yXdv7HZVgGRRYRD-Nw1LtkxvKIjw==
bid
aax.amazon-adsystem.com/e/dtb/
113 B
554 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=6&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-d0536803-0534-4a8b-b6c5-c2b163d909f8-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
48ac2030a4b163ee12689a8ab83beae6caff8d4246285f7febd68127c3f3db23
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
QB8EAZPS923FF41B313B
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
113
x-amz-cf-id
IsNE7lyWB1DRsra_Cjaq9So1_4muJ5MHwQem5VCnKevhXmfHaVJ-7g==
bid
aax.amazon-adsystem.com/e/dtb/
642 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=7&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-ec5738eb-0829-450d-9398-be0ecd722893-ad%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
5aca6d2e838b5ac05cb57c5e18836a89ce6d58d19f40a1bb6bf05bab8d9b7fc2
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
9RP81T000RATQHH4Z8MQ
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
642
x-amz-cf-id
LKh2-0zx9Nley8jsSYABN0JgmKjrt29Ok2j-NXTbXtbWGcB9bW1TkQ==
bid
aax.amazon-adsystem.com/e/dtb/
639 B
1 KB
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&pid=ZJEMQMLEPt2O3&cb=8&ws=1600x1200&v=23.407.232&t=1100&slots=%5B%7B%22sd%22%3A%22mmt-575ee5ff-9f35-4cd7-9baf-39c6b507353a-ad%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDA.C%22%7D%5D&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C%2C%2C&pubid=76b6d1d8-9f58-4ac7-a92e-f3232afccc8a&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22id5%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22pubcommon%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.39.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-39-198.bos50.r.cloudfront.net
Software
Server /
Resource Hash
b887a3f7aafc491fe1529e008ce3126197bca21d62ae1183be7b3abf8dfc6618
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 f04a2b77fe825698462093be23699756.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
BOS50-P2
x-amz-rid
CW4XY1K74B2CBETR5E06
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
639
x-amz-cf-id
5gl5asSwXRM0nxN8aYZsQlpBvfjj8BR2KqX1gfCuA8bDbon_FyanXw==
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=7c484d7b-0e27-4bec-ab1d-5681e5c25576
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=a3351054-7e69-4664-86d7-41f1c0f3fe7e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=67263a0a-e2a0-4b54-bd61-25366a6be707
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=b215f622-e4af-4875-9585-d49470e16318
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=d0536803-0534-4a8b-b6c5-c2b163d909f8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=ec5738eb-0829-450d-9398-be0ecd722893
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=s.d&u=575ee5ff-9f35-4cd7-9baf-39c6b507353a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
trinity.json
apex.go.sonobi.com/
498 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%228037f0f22a37d2f%22%3A%22dcc4cd9596e80d497120%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2%2Cc%3Dd%2C%22%2C%2281eb70e8f661a64%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=eba07d4a-2560-4327-9f95-969adc801b3f&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22e2c657d8-6cd4-49b2-858f-a90b4ba37720%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
158ee1de1ada8484c7c8a541c919c2ff56e15bccf0b9630b0d8890fc620aff4c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
379
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
AN-X-Request-Uuid
170a08cb-e455-4839-8b43-3a420ca38e5b
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978441&to=0&aun=mmt-7c484d7b-0e27-4bec-ab1d-5681e5c25576-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Ce2c657d8-6cd4-49b2-858f-a90b4ba37720%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
94ab74a6aa8a5a9884c210c3b27563475238da4f46cc3132368222e0dd33a46b

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978442&to=0&aun=mmt-7c484d7b-0e27-4bec-ab1d-5681e5c25576-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Ce2c657d8-6cd4-49b2-858f-a90b4ba37720%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
94ab74a6aa8a5a9884c210c3b27563475238da4f46cc3132368222e0dd33a46b

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
c
prebid.a-mo.net/a/
147 B
295 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
8f49a3ec64610a2a49cf3378ee9d1ea2f0d1b8a292ffbc4b58aecc12293fb771

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
bidRequest
c2shb.pubgw.yahoo.com/
7 KB
4 KB
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
1d9cd8fc4b53b62c920da11f3234b245e13ed06699dec1cd1181550458728f7e

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
3701
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
feaed7c174eb22a5f9e4af065a391a5d9cabe28b47da9ee6f2144559f4419a41

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
v1
hb-api.omnitagjs.com/hb-api/prebid/
358 B
519 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
15f9dda80ef6f6c9f463667434bdcf2b87d6aa5b5d4f73dc1dc3e188a0a089b9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
13
content-length
358
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
519 B
554 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=10&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,8a155ae6-9f7a-4c03-acb2-afa9521022fc,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2&tk_flint=pbjs_lite_v7.34.0&x_source.tid=b4e6a77d-4401-4029-8592-ed7b539da54c&l_pb_bid_id=96bc34562bded9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2&slots=1&rand=0.5045517652419274
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
790a3e9cdecd8dd095e540c85d5666cd0b9b37168ff279901595a041f6b43849

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
519
expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
pbjs
htlb.casalemedia.com/openrtb/
38 B
549 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c58912e88ab5604fe9331bdceb4c4592202ec5a7edc3f0054e554d90cc04cb8a

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KH54%2FKLbF6x33Geu2UO8KD6TRF50A9PlbC%2FyZmC6XhxKVrQof%2FWso0baj%2FBBG6mAZjwL44S0OIUzpMsd9t9yhjHVphv5GMOj1D5CDVO2Yik%2B3Uc8XFlB2YvID4XUZC%2BYLAtDRuwJ"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d0f799b112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38
expires
0
v1
btlr.sharethrough.com/universal/
565 B
885 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
f58d8a1e02100aba9fb71180fc80c963dcc1b005f62d09f18782e91aa18405d6

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
365
v1
btlr.sharethrough.com/universal/
882 B
1 KB
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
aff7c57b76dc629e4a9b4c22edaf44e70b78f94704c3484dfb2861d87beacc66

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
505
bid
ap.lijit.com/rtb/
95 B
631 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
bdfaaa31db5f25cb60d1cee9c7a4c5c483e5b21da822c2a70b3c76926043a0a8

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
prebid
prebid.media.net/rtb/
651 B
501 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b3055386b68c9417f75aeafce34f95d12720fd217509957741180f4270e26da8

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:18 GMT
v2
e.serverbid.com/api/
16 B
202 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-7c484d7b-0e27-4bec-ab1d-5681e5c25576-ad%22%2C%22callback_id%22%3A%22118a1fdbe760ca04%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.B%23sidebar-2%22%2C%22tid%22%3A%22b4e6a77d-4401-4029-8592-ed7b539da54c%22%2C%22auctionId%22%3A%22590324ca-c2c2-440e-88e0-f5433b4ec0ba%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518978457&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%228a155ae6-9f7a-4c03-acb2-afa9521022fc%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
d38a16e06db1090cebe752b272bc5e5b2834f5a20427deb54465e24a8142d4eb

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
dc52abfa9b39696c25446b973f82653b8625ee3a16e043c1cd94cab23a1fcda4

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
c
prebid.a-mo.net/a/
147 B
315 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
8f49a3ec64610a2a49cf3378ee9d1ea2f0d1b8a292ffbc4b58aecc12293fb771

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
pbjs
htlb.casalemedia.com/openrtb/
38 B
507 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ef323a8bd61536f4d2d1ade7a59d4711b0dd06a74fd299743d63a8bc0072073

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9iNZ%2F2zlL3uO5XHjEViCpMLn0eLGrcbfS6rwUIGoQQsiHmUP9xnDN95Mt%2F3uz7FfqRhc2YRyrdRRkp5vo6OH%2FAdNqhVJVPuCuNC5MhlsgAed6IRJtlpblUG1yhQzptEMkbhCUiT6"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d0f89a3112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38
expires
0
prebid
prebid.media.net/rtb/
651 B
479 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
710d167963d5b65c6046bda05aac464cb6c138df6e62ff26833c250b1a0b823d

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:18 GMT
v1
btlr.sharethrough.com/universal/
487 B
874 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
1cd6f44b5916f55642f1cdeba12d1e251c6e57ab52e7411b221c47e75eb56999

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
354
v1
btlr.sharethrough.com/universal/
360 B
787 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
a6c116f0400f45d0e8ceb44aa926a54d69be6740df943b08168d2d38ffc758f7

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
267
v2
e.serverbid.com/api/
16 B
225 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
v1
hb-api.omnitagjs.com/hb-api/prebid/
360 B
497 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
043ad48808f23c99a50e9dd6fe2d06af0eedd7eb9a6f1b84b53970d3a15a1331
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
23
content-length
360
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
trinity.json
apex.go.sonobi.com/
500 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22146d09de8b078686%22%3A%22dcc4cd9596e80d497120%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1%2Cc%3Dd%2C%22%2C%22147a6d840794d1b5%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=d5a5ab5e-c896-49ab-87f0-df490b421cd2&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%223b0c30df-59af-45a2-8010-82147dd47427%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
0923770bb815e3bfdf797d47f2fc2dbacb8f3a3f6ef4962fb54e2d9b0f1ea64c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
363
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978476&to=0&aun=mmt-a3351054-7e69-4664-86d7-41f1c0f3fe7e-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C3b0c30df-59af-45a2-8010-82147dd47427%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
94ab74a6aa8a5a9884c210c3b27563475238da4f46cc3132368222e0dd33a46b

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978476&to=0&aun=mmt-a3351054-7e69-4664-86d7-41f1c0f3fe7e-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C3b0c30df-59af-45a2-8010-82147dd47427%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
94ab74a6aa8a5a9884c210c3b27563475238da4f46cc3132368222e0dd33a46b

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
bid
ap.lijit.com/rtb/
95 B
629 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash
594d3c9939f2525d213200f4ff9c88bb506099e803184a0d6d343a7a2f994554

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
AN-X-Request-Uuid
ef3fd158-aa39-45b7-b11d-f9603ef6c8fa
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
519 B
554 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=10&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,3b0c30df-59af-45a2-8010-82147dd47427,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1&tk_flint=pbjs_lite_v7.34.0&x_source.tid=cd583024-44e8-4b4d-af9e-6630632b13df&l_pb_bid_id=1572f0b68e3a6d14&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1&slots=1&rand=0.3255019779747954
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1b11fe07fa35527293631d74b9198b31e092ec310c41bf479c153f827d047c99

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
519
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-a3351054-7e69-4664-86d7-41f1c0f3fe7e-ad%22%2C%22callback_id%22%3A%22159670b2edc14b23%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.A%23sidebar-1%22%2C%22tid%22%3A%22cd583024-44e8-4b4d-af9e-6630632b13df%22%2C%22auctionId%22%3A%227adc8455-e828-4534-8e80-cecf84c33094%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518978481&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%223b0c30df-59af-45a2-8010-82147dd47427%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
cookie.js
partner.googleadservices.com/gampad/
219 B
422 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.cpomagazine.com&callback=_gfp_s_&client=ca-pub-1360089709940309&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304100101/show_ads_impl_fy2021.js?bust=31073762
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3ad126418c507a350da1563ff625e3dd93186a42c868b57bd8524c152716b82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
207
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 5D0E
603 B
112 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-1360089709940309&output=html&adk=1812271804&adf=3025194257&lmt=1681509637&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x810_l%7C164x810_r&format=0x0&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681518978141&bpp=7&bdt=11579&idt=385&shv=r20230412&mjsv=m202304100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&nras=1&correlator=2939805918124&rume=1&frm=20&pv=2&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31073585%2C31073762%2C31061691%2C31061692&oid=2&pvsid=4164485387214954&tmod=1829275388&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=447
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304100101/show_ads_impl_fy2021.js?bust=31073762
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6BBC
603 B
109 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-1360089709940309&output=html&h=280&slotname=2664408395&adk=2415172762&adf=138841947&pi=t.ma~as.2664408395&w=770&fwrn=1&fwrnh=100&lmt=1681509637&rafmt=1&format=770x280&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=false&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681518978169&bpp=5&bdt=11607&idt=452&shv=r20230412&mjsv=m202304100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&prev_fmts=0x0&nras=1&correlator=2939805918124&rume=1&frm=20&pv=1&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31073585%2C31073762%2C31061691%2C31061692&oid=2&pvsid=4164485387214954&tmod=1829275388&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cCaaYUJ5Qp&p=https%3A//www.cpomagazine.com&dtd=465
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304100101/show_ads_impl_fy2021.js?bust=31073762
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=b.r&u=7c484d7b-0e27-4bec-ab1d-5681e5c25576&d=%7B%22utm%22%3A%7B%7D%7D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342653
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
v1
hb-api.omnitagjs.com/hb-api/prebid/
360 B
497 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
81c14743b734588b4d03449c56faf6105c5a6977c9059f9606092964f4504009
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
10
content-length
360
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-67263a0a-e2a0-4b54-bd61-25366a6be707-ad%22%2C%22callback_id%22%3A%22165648177072fb0e%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3%22%2C%22tid%22%3A%22d8f7aff4-63a9-4cd1-b7a2-22c5c6490dba%22%2C%22auctionId%22%3A%220fcadf6a-368e-4a5c-930e-61f45e7268c6%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518978783&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%223b0c30df-59af-45a2-8010-82147dd47427%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
pbjs
htlb.casalemedia.com/openrtb/
38 B
507 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJ%2F4eT3KE53FXNZWsamN%2Bu0QwDQKlEBQlfjGlaJGfQXv2QFFAAjT45w9xEcrZsCU6h0UVeWm3gd8AuUKvH%2BqKxZQzYwAuBeBRfP5wmavs269Ual7930eutEuWhcEMXg9wGtLkKWa"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d117c7a112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978786&to=0&aun=mmt-67263a0a-e2a0-4b54-bd61-25366a6be707-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C3b0c30df-59af-45a2-8010-82147dd47427%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978786&to=0&aun=mmt-67263a0a-e2a0-4b54-bd61-25366a6be707-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C3b0c30df-59af-45a2-8010-82147dd47427%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
bid
ap.lijit.com/rtb/
95 B
628 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
trinity.json
apex.go.sonobi.com/
410 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221780d4a7b07d67e1%22%3A%22dcc4cd9596e80d497120%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3%2Cc%3Dd%2C%22%2C%22179d2ed5a7f96dcb%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=1b06158b-7d8c-4f11-8bde-355e24dbc275&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%223b0c30df-59af-45a2-8010-82147dd47427%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
336
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v2
e.serverbid.com/api/
16 B
202 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
fastlane.json
fastlane.rubiconproject.com/a/api/
519 B
554 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=10&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,3b0c30df-59af-45a2-8010-82147dd47427,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3&tk_flint=pbjs_lite_v7.34.0&x_source.tid=d8f7aff4-63a9-4cd1-b7a2-22c5c6490dba&l_pb_bid_id=1879fd33c6735752&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.C%23sidebar-3&slots=1&rand=0.05152320029781343
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
519
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
AN-X-Request-Uuid
76b627b6-ea21-4aeb-b772-79106991d5f0
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
btlr.sharethrough.com/universal/
615 B
920 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
400
v1
btlr.sharethrough.com/universal/
549 B
882 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
362
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
308 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
prebid
prebid.media.net/rtb/
651 B
479 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:18 GMT
c
prebid.a-mo.net/a/
245 B
337 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
ads
securepubads.g.doubleclick.net/gampad/
21 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=3053710349512800&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDS.A&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=6&adks=4245094980&sfv=1-0-40&prev_scp=pos%3D1%26monu%3D300x250-300x600_B1%26amznbid%3Dtjjmkg%26amznp%3D1v2ipkw%26amzniid%3DJBkW8z3fyZi2I1O0aljPhc4AAAGHgldl3gEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICCiL9zZ%26amznsz%3D300x250%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dnone%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518978876&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=1277&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9573
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:18 GMT
AN-X-Request-Uuid
4f9b0783-0c16-4441-bf0d-2e182cb0ddc2
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/
651 B
480 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:18 GMT
v1
hb-api.omnitagjs.com/hb-api/prebid/
360 B
497 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
15
content-length
360
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978910&to=0&aun=mmt-b215f622-e4af-4875-9585-d49470e16318-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C86641d7a-bdcc-442c-a15a-cc344ccc2d26%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518978910&to=0&aun=mmt-b215f622-e4af-4875-9585-d49470e16318-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2C86641d7a-bdcc-442c-a15a-cc344ccc2d26%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-b215f622-e4af-4875-9585-d49470e16318-ad%22%2C%22callback_id%22%3A%222187a4b326cebe9a%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4%22%2C%22tid%22%3A%22bfec9e6f-778f-4a10-aaf9-52cd249a5496%22%2C%22auctionId%22%3A%222bc09775-3577-4178-8ca5-51629f0c7497%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518978912&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%2286641d7a-bdcc-442c-a15a-cc344ccc2d26%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
v2
e.serverbid.com/api/
16 B
202 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
119 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
83
bid
ap.lijit.com/rtb/
95 B
631 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
trinity.json
apex.go.sonobi.com/
410 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22229eba4ed447b534%22%3A%22dcc4cd9596e80d497120%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4%2Cc%3Dd%2C%22%2C%222306aa7adb1d0fcb%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=1e6c62ca-dc9a-4b48-a29b-5498ae14706a&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22ed882903-b976-4f31-bb19-eed83542a728%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
336
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/universal/
545 B
883 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
363
v1
btlr.sharethrough.com/universal/
624 B
931 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
411
pbjs
htlb.casalemedia.com/openrtb/
38 B
509 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Ta%2FjwbQPnN1dg593YqHT1pzOFzQkb%2BTEMJ65dBDrqGhO5ys6BcmhhbKq8EadKl0FScyMY%2Bm9BlqaI3RJQBPRFz3p9ItluxNTD76NHfYtnVIEXQi6dmJt%2BeuPaJVOzcCVxk5qx27"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d125dab112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38
expires
0
c
prebid.a-mo.net/a/
245 B
339 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
6
fastlane.json
fastlane.rubiconproject.com/a/api/
519 B
577 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=10&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,ed882903-b976-4f31-bb19-eed83542a728,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4&tk_flint=pbjs_lite_v7.34.0&x_source.tid=bfec9e6f-778f-4a10-aaf9-52cd249a5496&l_pb_bid_id=2403b226e7a690b6&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.D%23sidebar-4&slots=1&rand=0.7386433603639488
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
519
expires
Wed, 17 Sep 1975 21:32:10 GMT
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
53 KB
20 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=751581323727515&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDS.B&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=7&adks=3959924890&sfv=1-0-40&prev_scp=pos%3D2%26monu%3D300x250-300x600_A2%26amznbid%3Dtjjmkg%26amznp%3D1v2ipkw%26amzniid%3DJKIykIEje8eAmq_aHlwLTxMAAAGHgldl2gEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICAMJ6PK%26amznsz%3D300x600%26bidder_responseTime%3Dyahoossp_300%26auction_id%3D590324ca-c2c2-440e-88e0-f5433b4ec0ba%26monu_df%3D0.01%26safeframe%3Dfalse%26bid_source%3Dclient%26hb_size%3D300x600%26hb_adid%3D90f0a00bb3f351%26hb_bidder%3Dyahoossp%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dtam%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518978955&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=627&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20890
x-xss-protection
0
google-lineitem-id
6249261992
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138425997609
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:18 GMT
server
ATS/9.1.10.25
view
securepubads.g.doubleclick.net/pcs/ Frame EFF2
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuDbgmqv5uEE_ZHr7uVjP5Ed79faRGWgvBdZbK6ZJG1BYuocwnDPu6fSDCqujZ0QFYC7tGKCk26xWXg-mdehHM-E-pGZK-sM8npAX0awqhrzJGikTlFJOHaIksC959nJHzVdUUBt5MekFxeio9qXeKVwJOraACaOfaq8_8Dn0CaS7o_eTKtL2pVmlehtbQxYsUJ6s2gtFlRJ5iMGz2Y6uTW6JuxI7tMo9caFyG6uevCkBj_3SzNOkrLa-dXTQ8u31cuzQa0wu2yxUwoSTmU1t_H-fWyiQPl9DDchpOnMOXbSqaDc69XNqNQCOQ82Zq4BYrDnF3ZtqjmDd4&sai=AMfl-YRtuEymyaSqTvHMpdczZMmZEJECy0LznC5GoUPbxil1vDLqCJkzpDdHc4zAdh_YNZfUPIGgxNtAFxjOF5O7MzFABteruCjeS8SRbacd6oCbX8uoxmLvz_oSVDV2Gmo&sig=Cg0ArKJSzC_uQa7eQYbUEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame EFF2
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8756
x-xss-protection
0
server
cafe
etag
5179999606349116156
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 29 Apr 2023 00:36:19 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame EFF2
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
l
www.google.com/ads/measurement/ Frame EFF2
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxSgBuD0E2l7QmGyXMOPmKUzR9ub49w5ABec6iirJNpfrV71hsRTuJiuYzfDJWwP3PCm3djTuN5FLRGvGkdfo1mey7jQ
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EFF2
159 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49801
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1681299295334834"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:19 GMT
2997354391691522333
tpc.googlesyndication.com/simgad/ Frame EFF2
98 KB
98 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2997354391691522333
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 10:10:49 GMT
x-content-type-options
nosniff
age
51930
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100228
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 22:30:50 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 13 Apr 2024 10:10:49 GMT
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:19 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:19 GMT
server
ATS/9.1.10.25
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
AN-X-Request-Uuid
90761267-6cdf-4a00-883c-9f97c68c23ca
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trinity.json
apex.go.sonobi.com/
410 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22246519b7ebcac421%22%3A%22dcc4cd9596e80d497120%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5%2Cc%3Dd%2C%22%2C%22247f62296aae3157%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=6f3c7156-ad0e-415e-80bb-ddf7a9ed5624&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22ed882903-b976-4f31-bb19-eed83542a728%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
336
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518979068&to=0&aun=mmt-d0536803-0534-4a8b-b6c5-c2b163d909f8-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Ced882903-b976-4f31-bb19-eed83542a728%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518979068&to=0&aun=mmt-d0536803-0534-4a8b-b6c5-c2b163d909f8-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Ced882903-b976-4f31-bb19-eed83542a728%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
prebid
prebid.media.net/rtb/
651 B
503 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:19 GMT
bidRequest
c2shb.pubgw.yahoo.com/
66 B
118 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
82
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
v1
hb-api.omnitagjs.com/hb-api/prebid/
360 B
497 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
11
content-length
360
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
pbjs
htlb.casalemedia.com/openrtb/
38 B
506 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0E24go2erFut9PZzUOyDw0ezfMvKSCcPJS7uZYf889Wpc5QnxMpKQ3h10HpzVBmlcfSgyOH1Qdrt0%2FxzjXIe%2FpF6vDUgItPz2wHiqI8iHJIxeNqOqbRxIRtbiFkVMyKOMGHqeRHY"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d134ef8112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38
expires
0
bid
ap.lijit.com/rtb/
95 B
631 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
c
prebid.a-mo.net/a/
245 B
337 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
6
v2
e.serverbid.com/api/
16 B
225 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
fastlane.json
fastlane.rubiconproject.com/a/api/
519 B
554 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=10&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,ff825a4d-0f65-45d4-8955-95bcf2a1c7f9,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5&tk_flint=pbjs_lite_v7.34.0&x_source.tid=ddec0708-2ac0-46ad-83db-a5dc2eacf87f&l_pb_bid_id=27560c02b031e84c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5&slots=1&rand=0.26749608763486155
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
519
expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
btlr.sharethrough.com/universal/
277 B
741 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
221
v1
btlr.sharethrough.com/universal/
429 B
859 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
339
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-d0536803-0534-4a8b-b6c5-c2b163d909f8-ad%22%2C%22callback_id%22%3A%22280fe976067eb887%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.E%23sidebar-5%22%2C%22tid%22%3A%22ddec0708-2ac0-46ad-83db-a5dc2eacf87f%22%2C%22auctionId%22%3A%220c45a1b1-0007-4aed-92ea-28d8ff1e46f0%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518979079&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22ff825a4d-0f65-45d4-8955-95bcf2a1c7f9%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:19 GMT
server
ATS/9.1.10.25
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:19 GMT
server
ATS/9.1.10.25
prebid
prebid.media.net/rtb/
651 B
480 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:19 GMT
pbjs
htlb.casalemedia.com/openrtb/
37 B
508 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201337
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z8f0mnqxy4KTfkFusQQuKkyUvcgJbTv9m9DdZW50Tutpm3%2Bmoqg%2Fd%2B6uku5oNGOl6L%2F4oafU5Nvxgxc3ED7rQ0YgEWDn5XkwMicZxLcBOT2UEeOgg1%2Bs7JxiSXofbbqTk5kBFR52"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d137f43112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518979104&to=0&aun=mmt-ec5738eb-0829-450d-9398-be0ecd722893-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222946&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Cff825a4d-0f65-45d4-8955-95bcf2a1c7f9%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/
675 B
778 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518979105&to=0&aun=mmt-ec5738eb-0829-450d-9398-be0ecd722893-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&maxw=300&maxh=600&si=222947&pi=3&bf=300x250%2C300x600&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Cff825a4d-0f65-45d4-8955-95bcf2a1c7f9%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-ec5738eb-0829-450d-9398-be0ecd722893-ad%22%2C%22callback_id%22%3A%22291a20cc34b1b117%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6%22%2C%22tid%22%3A%227f85e391-f9b2-4435-86d1-995b03847b02%22%2C%22auctionId%22%3A%2286f985ac-e760-4f84-98e3-aeea91b5dd63%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518979109&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22ff825a4d-0f65-45d4-8955-95bcf2a1c7f9%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
v1
btlr.sharethrough.com/universal/
666 B
933 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
413
v1
btlr.sharethrough.com/universal/
442 B
838 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.55.204.172 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
318
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
AN-X-Request-Uuid
ab4bc24c-62e1-41b1-b7e1-abff5a775f46
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
ap.lijit.com/rtb/
95 B
631 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
117 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
84
trinity.json
apex.go.sonobi.com/
410 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2230698152179e8b51%22%3A%22dcc4cd9596e80d497120%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6%2Cc%3Dd%2C%22%2C%2230716bb9c4cd7e53%22%3A%22d23fc2fbe929165f22f9%7C300x250%2C300x600%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=fbc7506e-dc2b-4700-99b9-f6826057b583&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22f77144b6-e159-46d1-94e7-ba62ad1a340c%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
337
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
c
prebid.a-mo.net/a/
245 B
337 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
fastlane.json
fastlane.rubiconproject.com/a/api/
519 B
554 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=15&alt_size_ids=10&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,f77144b6-e159-46d1-94e7-ba62ad1a340c,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6&tk_flint=pbjs_lite_v7.34.0&x_source.tid=7f85e391-f9b2-4435-86d1-995b03847b02&l_pb_bid_id=311dc086138d3268&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDS.F%23sidebar-6&slots=1&rand=0.9999036162723984
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
519
expires
Wed, 17 Sep 1975 21:32:10 GMT
v2
e.serverbid.com/api/
16 B
202 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
hb-api.omnitagjs.com/hb-api/prebid/
360 B
497 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
26
content-length
360
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
truncated
/ Frame EFF2
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame EFF2
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuN8HucSkWrH7XYx1i-__46wdgPyRC1KfIaKukgRV9MVkQ8RR0xgP--EnlumBA3wz1tUjxihMhDwfz47eiZWglqvUfdo60Yja4CxzvhWBVInFNgDXoVdjc32BQUfT3ULr992-WTMGaFJ8rr4PeaYvv-5BzLK4C7oqyycEVCkArIKco0YBIwWr0LS55r4fIhr5zdahYMz-_ZNvFmcEN1uSjKhMTmiUgrYRb0GLgv3RQ6e3TwV4YRU_wCPKrSdHO7Klu3qqMlbEHA8WmtHfIMirrxkj_tijXMXatduaXUsvM_gWeDnu_BYDQrpBBuGEkIZGe5fv2gWHAB8unlxA&sai=AMfl-YQmczQ046SngOc-0_TZqnRpRsQ5CryMDF1PQCmY7gs-MuRQJeZYk1WG8yAfJGvOuIwVHpmy8bc0_ChNO1Yg8bWcqwQycFGhLEvjI0SxvkbOhHDoPiwaEbRW-flhDxg&sig=Cg0ArKJSzFpP0Z0sGX9QEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 15 Apr 2023 00:36:19 GMT
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
53 KB
21 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=3859268580410325&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDS.D&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=8&adks=1147208452&sfv=1-0-40&prev_scp=pos%3D4%26monu%3D300x250-300x600_B4%26amznbid%3D2wmlts%26amznp%3D1v2ipkw%26amzniid%3DJKr31XoOcRGD_Cw33PlZsJUAAAGHgldmSwEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICDeDvqE%26amznsz%3D300x250%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dnone%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc-22a876ec17df00b2%3AT%3D1681518969%3ART%3D1681518978%3AS%3DALNI_MZmJ80B-U7uM76lq0wvX4c9sauhfg&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518979208&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=3083&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ%2CAHQMDFfud7xlZeg-jpu8tqoKHID9ruZ5eZiFmc2sHXP-g0r77_WNsjBkJIb6vksUEqw6EmrhBZNolPGCwC4A6fg4LICmmA&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20965
x-xss-protection
0
google-lineitem-id
6249261992
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138425997609
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame EFF2
63 KB
23 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 23:59:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
2236
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23897
x-xss-protection
0
server
cafe
etag
4499765138105498878
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:59:03 GMT
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://www.cpomagazine.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://www.cpomagazine.com
access-control-max-age
600
age
0
content-length
0
date
Sat, 15 Apr 2023 00:36:19 GMT
server
ATS/9.1.10.25
trinity.json
apex.go.sonobi.com/
388 B
3 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22322832cf42706289%22%3A%224038e93c4d4c13bc38d7%7C728x90%7Cgpid%3D%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDA.C%23anchor-3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&s=b79e4c6d-65df-494d-86b1-af2ab07f04ac&pv=a8d57ca9-d890-4c53-9b91-7829f485246f&vp=desktop&lib_name=prebid&lib_v=7.34.0&us=5&fpd=%7B%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F%22%2C%22domain%22%3A%22cpomagazine.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22cpomagazine.com%22%7D%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.49%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A2%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22architecture%22%3A%22%22%7D%7D%7D&ius=0&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22f77144b6-e159-46d1-94e7-ba62ad1a340c%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22id5id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22tdid%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&us_privacy=1---&coppa=0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
323
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
ads.yieldmo.com/exchange/
0
227 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=7.34.0&p=%5B%7B%22placement_id%22%3A%22mmt-575ee5ff-9f35-4cd7-9baf-39c6b507353a-ad%22%2C%22callback_id%22%3A%2232459d43b851cedf%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222668194220820340961%22%2C%22gpid%22%3A%22%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDA.C%23anchor-3%22%2C%22tid%22%3A%222a6e728e-8551-40e9-8fa8-3f306583e063%22%2C%22auctionId%22%3A%2246a6333b-0a89-4c27-92ab-6af11134ad53%22%7D%5D&page_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&bust=1681518979260&dnt=false&description=Suspected%20Chinese%20threat%20actors%20compromised%20an%20IRS-authorized%20online%20tax%20return%20website%20eFile.com%20using%20JavaScript%20malware%20to%20create%20backdoors%20on%20users%E2%80%99%20devices.&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pr=&scrd=1&title=Suspected%20Chinese%20Threat%20Actors%20Infected%20IRS%20Authorized%20Tax%20Return%20Website%20With%20JavaScript%20Malware%20-%20CPO%20Magazine&w=1600&h=1200&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22monumetric.com%22%2C%22sid%22%3A%2251064762-e29f-4335-ac37-b358a1f27bc2%22%2C%22hp%22%3A1%2C%22rid%22%3A%22f77144b6-e159-46d1-94e7-ba62ad1a340c%22%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f6a3602b-20d0-453b-ab39-49dbb75d7ee8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c3db27b5-56e8-4f77-8870-8d51c49d4722%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.100.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-100-121.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
prebid
ib.adnxs.com/ut/v3/
19 B
982 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 15 Apr 2023 00:36:19 GMT
AN-X-Request-Uuid
8a9ecf2d-4430-49aa-b7ea-c741c25f43f5
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.cpomagazine.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
167.88.7.162; 167.88.7.162; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
63 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:18 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/
497 B
532 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23852&site_id=389792&zone_id=2276222&size_id=2&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!monumetric.com,51064762-e29f-4335-ac37-b358a1f27bc2,1,f77144b6-e159-46d1-94e7-ba62ad1a340c,,&eid_pubcid.org=f6a3602b-20d0-453b-ab39-49dbb75d7ee8%5E1&eid_id5-sync.com=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g%5E1%5E2&tpid_tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&eid_adserver.org=c3db27b5-56e8-4f77-8870-8d51c49d4722&rf=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.page=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&tg_i.domain=cpomagazine.com&tg_i.pbadslot=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDA.C%23anchor-3&tk_flint=pbjs_lite_v7.34.0&x_source.tid=2a6e728e-8551-40e9-8fa8-3f306583e063&l_pb_bid_id=3304014e0adc5c49&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDA.C%23anchor-3&slots=1&rand=0.22424201638110364
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::115 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
497
expires
Wed, 17 Sep 1975 21:32:10 GMT
v2
e.serverbid.com/api/
16 B
202 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
42
imp
g2.gumgum.com/hbid/
755 B
801 B
XHR
General
Full URL
https://g2.gumgum.com/hbid/imp?lt=1681518979265&to=0&aun=mmt-575ee5ff-9f35-4cd7-9baf-39c6b507353a-ad&pubcid=f6a3602b-20d0-453b-ab39-49dbb75d7ee8&id5id=ID5*8QJMToHjLhI41MQ6utISKy5xNxzU35fuwAaI9hSx7VxEBQ6ZwsW32VhQCy_jUR7dRAagl9kWlwgB0bfFbatM1g&tdid=c3db27b5-56e8-4f77-8870-8d51c49d4722&gpid=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDA.C%23anchor-3&pv=ae44de31-6f1b-4579-ac0e-29ae61b79816&t=y3oo6v2j&pi=2&uspConsent=1---&schain=1.0%2C1!monumetric.com%2C51064762-e29f-4335-ac37-b358a1f27bc2%2C1%2Cf77144b6-e159-46d1-94e7-ba62ad1a340c%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.34.0%22%7D&ogu=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&ns=10240
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.206.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-206-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
bidRequest
c2shb.pubgw.yahoo.com/
66 B
116 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Referer
x-openrtb-version
2.5
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
access-control-allow-credentials
true
content-length
83
v1
hb-api.omnitagjs.com/hb-api/prebid/
181 B
340 B
XHR
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&PageReferrer=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&CanonicalUrl=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),
Reverse DNS
Software
ayl-lb-usa02 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
p3p
CP="CAO PSA OUR"
x-envoy-upstream-service-time
9
content-length
181
pragma
no-cache
server
ayl-lb-usa02
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
c
prebid.a-mo.net/a/
245 B
337 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.88.5 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 15 Apr 2023 00:36:18 GMT
content-encoding
gzip
server
envoy
vary
origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
prebid
prebid.media.net/rtb/
16 KB
7 KB
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUWWG7OK
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
expires
Sat, 15 Apr 2023 00:36:19 GMT
637e6546decb82d45236f0f8
prebid.cootlogix.com/prebid/multi/
0
1 KB
XHR
General
Full URL
https://prebid.cootlogix.com/prebid/multi/637e6546decb82d45236f0f8
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.203.141 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.203.141.vultrusercontent.com
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.cpomagazine.com
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
pbjs
htlb.casalemedia.com/openrtb/
37 B
505 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=201336
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhR7%2FkA1Jinxo7%2Bi6tM6jB5jjFFZ4JuBz2ogn1m5AVXQbRkDUJiob90mopvwCNhYY2WoJUljNDtzZj5XGd08unjYDh6xlLZTtUR4QlA4hs7l3DEyQGSsdyAXATQfAq5lps9k%2FOb2"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7b801d1488fd112c-ORD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
bid
ap.lijit.com/rtb/
95 B
631 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.34.0
Requested by
Host: monu.delivery
URL: https://monu.delivery/sitesplit/d3/0.4.5/5/1/064762-e29f-4335-ac37-b358a1f27bc2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.68 Charlotte, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 15 Apr 2023 00:36:19 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.cpomagazine.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
100
ads
securepubads.g.doubleclick.net/gampad/
53 KB
21 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=2336167257515947&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDS.C&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=9&adks=2554824453&sfv=1-0-40&prev_scp=pos%3D3%26monu%3D300x250-300x600_B3%26amznbid%3Dtjjmkg%26amznp%3D1v2ipkw%26amzniid%3DJCyNlGw22OoLxJ8reCpwo24AAAGHgldl1AEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICDxkqiK%26amznsz%3D300x250%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dnone%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc-22a876ec17df00b2%3AT%3D1681518969%3ART%3D1681518978%3AS%3DALNI_MZmJ80B-U7uM76lq0wvX4c9sauhfg&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518979287&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=1927&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ%2CAHQMDFfud7xlZeg-jpu8tqoKHID9ruZ5eZiFmc2sHXP-g0r77_WNsjBkJIb6vksUEqw6EmrhBZNolPGCwC4A6fg4LICmmA&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21021
x-xss-protection
0
google-lineitem-id
6249261992
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138425997597
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame EFF2
0
17 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lgh8zg81&chm=1&c=4164485387214954&ctx=2&qqid=CIn-jKvSqv4CFW4MiAkdgJIGiQ&met.4=fb.x~lb.4o~ol.5p~idt.1fm~dt.-j7&met.3=733.4r~748.56~749.57~742.4q_o~739.5f~736.5g~738.5p~735.6e_2~740.6h_1~113.8r_1~112.8q_2&met.1=1.lgh8zfzb~14.b~15.0~16.b~17.b~18.b~19.c~20.c~21.c~22.36~23.36&met.7=CCIQBBgBICcoJzByOExoKHByeKwCsAEBuAED~CAkQChgBICgoKDCTAThraCpwkQF44EaAAbREiAGSrwGwAQG4AQM~CB4QChgBICkoKTBVOC1oKnBVeIAMgAHUCYgBgRWwAQG4AQM~CBsQBhgBICkoKTBrOEI~CE0QChgBICkoKTCaAThxaCtwc3i1hwOAAYmFA4gBmfcJsAEBuAED~CBcQBhgBICooKjBxOEdoLXBaeLCRBoABhI8GiAGEjwawAQG4AQM~CCIQBBgBIL4BKL4BMI0COE9oxQFwjAJ4rAKwAQG4AQM~CCgQChgBIOgBKOgBMJkCODFo6QFwlAJ4hb0BgAHZugGIAYv1A7ABAbgBAw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 58EA
6 KB
3 KB
Document
General
Full URL
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202302281347/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
10
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:09 GMT
expires
Sun, 14 Apr 2024 00:36:09 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
mmt.gif
imps.monu.delivery/
37 B
63 B
Image
General
Full URL
https://imps.monu.delivery/mmt.gif?s=378656d2-f9de-4c85-8a3e-09b46c005318&a=b.r&u=575ee5ff-9f35-4cd7-9baf-39c6b507353a&d=%7B%22utm%22%3A%7B%7D%7D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.236.140 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
140.236.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 18 Mar 2023 21:52:05 GMT
age
2342654
x-guploader-uploadid
ADPycdtubwQalT_2g6m8-2YqpQC5joU8a_RZ5sxsFUo1pHnc37qCC9oqG_o2AybqFk-jd0o7cE-3QmrGzhwX10dciOr7k2m_BeqN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37
last-modified
Wed, 12 Jul 2017 09:13:19 GMT
server
UploadServer
etag
"455005e2f4b8ecc484500fab08619f70"
x-goog-generation
1499850799559224
x-goog-hash
crc32c=1zd0wQ==, md5=RVAF4vS47MSEUA+rCGGfcA==
content-type
image/gif
cache-control
public, max-age=31536000
x-goog-stored-content-length
37
accept-ranges
bytes
expires
Sun, 17 Mar 2024 21:52:05 GMT
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
53 KB
21 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=3929503587269977&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDS.F&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=10&adks=3912404030&sfv=1-0-40&prev_scp=pos%3D6%26monu%3D300x250-300x600_B6%26amznbid%3D12f6mtc%26amznp%3D1v2ipkw%26amzniid%3DJPuv4ByGkM2bbrkqKe7cFuMAAAGHgldmHwEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICCSHbeG%26amznsz%3D300x600%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dnone%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc-22a876ec17df00b2%3AT%3D1681518969%3ART%3D1681518978%3AS%3DALNI_MZmJ80B-U7uM76lq0wvX4c9sauhfg&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518979485&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=4383&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=5&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ%2CAHQMDFfud7xlZeg-jpu8tqoKHID9ruZ5eZiFmc2sHXP-g0r77_WNsjBkJIb6vksUEqw6EmrhBZNolPGCwC4A6fg4LICmmA&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21007
x-xss-protection
0
google-lineitem-id
6249261992
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138425997609
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cpomagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_pgbrk&pvsid=4164485387214954&vrg=202304130101&nw_id=20842576%5C%2C22558570530&nslots=9&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&pub_url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&qid=CIn-jKvSqv4CFW4MiAkdgJIGiQ&iu=%2F20842576%2C22558570530%2FGSU0BM%2FGSU0BM-DDI.A&e=61952&ret=300x250&req=300x250&bm=0&efh=0&stk=0&ifi=10
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 396F
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstNb876yOd2g3ZUl5j3Z66Sgp-4q8pxWkOR9Qf36d7_l8fD1vUEE8ZAvxM7-DG0BMlGvpmf0Egm_3PXf6UWVb24oJ6pnIPDA0w65G5m1kk1Wvk_8jA0j3Cu0UxiDUV9a8-u4pOJtGs31qm7xO4baLqocYEH1c8CVf2Vp-c_qf-tP3gZP9eCleRJ7upCtjby_cE7-Eq458Q417qD8h6luivlJ5DFWpUyWKpwqdC9Apg3mAT5K2mFzYhMvs390IybZ0SNOfyQgjn1qcrWt9MSA3i8Ysm6_Y1m97ITW8oGNk8xVJLMZ13CE05z5qFVPk_hbSvpvGHw5_ewbjw&sai=AMfl-YQ6NSeZrm_lH2mlDB-yvpQ4to-rHpUCvdZo-ygw0BMvW3PZAl7yeckN7cHzSYl8LZc4Rwb9eR_YyJDOcaSgRApZjqTpZfbsJuXPgQkp-vl6HdeGdQi6zwUwnoVS-zI&sig=Cg0ArKJSzKhbX3_MomjMEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame 396F
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8756
x-xss-protection
0
server
cafe
etag
5179999606349116156
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 29 Apr 2023 00:36:19 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 396F
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
l
www.google.com/ads/measurement/ Frame 396F
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQx3e-A0yaXtm41cnp-VdigoWqOLLNbIYc8Lit6wHbWAW3qYHAydDXWmjD1dA9kuLQWF5rQqrULuIbIbFHfDX9q6Vnt1Q
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 396F
159 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49801
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1681299295334834"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:19 GMT
16630820227160513789
tpc.googlesyndication.com/simgad/ Frame 396F
191 KB
191 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16630820227160513789
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 15:00:59 GMT
x-content-type-options
nosniff
age
120920
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
195142
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 22:32:07 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 12 Apr 2024 15:00:59 GMT
ads
securepubads.g.doubleclick.net/gampad/
0
0

view
securepubads.g.doubleclick.net/pcs/ Frame F77D
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTLzgbDbADjw22KGrN-4eL5fGcd2_BIq_EzV5e0q7YxZKCzXfHZT5ySEU2Xi_48OVNJkZ-pjaJww771T8nnsfVslNhU57yBNbyfHJauGWcUvVR7jtyJutwmCb5glpM94-h_xktVY7N4AW-m7W1NmP56l6tBkYYNtb9FfIRN1Y5Yn-i0R2HSRGx_ooeJlTtUFu8bALEAs_TR_9INXeYzWZp0Zh-h-NG3CXczT8Jr20nsnAaWMNqqe7_i6P76l7fS_sEXN7qqtDrAqUcDK7DxJD_GSuDgP90S4Ba-PbKWCiUZ37wsT0jhlJPcFWF5GoDH1vB_9DFJM8Zicg&sai=AMfl-YTFTLBDLJc7QOLDU6bdgyNONxc-czlHO_TozapVEYZMbhzFcU4xfoj-lUIx2eHW-5Vhdl25R7F_JAagUqa0QxcSpiBE9Wy1t4wgaiKL8dn553H7lgAt_8JVpJpXB5E&sig=Cg0ArKJSzKaORaBxZfiwEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
16630820227160513789
tpc.googlesyndication.com/simgad/ Frame F77D
191 KB
191 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16630820227160513789
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 15:00:59 GMT
x-content-type-options
nosniff
age
120920
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
195142
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 22:32:07 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 12 Apr 2024 15:00:59 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame F77D
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8756
x-xss-protection
0
server
cafe
etag
5179999606349116156
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 29 Apr 2023 00:36:19 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame F77D
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
l
www.google.com/ads/measurement/ Frame F77D
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQA7n2zAZc2U1KXt6LLm1azVE7UYBi1xW8le-E2trapanSgnE5gVZq--p1iA9h2B39CDKkb6vBmWuOv66bxyq3kBuhj7w
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F77D
159 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49801
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1681299295334834"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:19 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame C01B
645 B
254 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CIYBELSz2JsDGL72uuUBMAE&v=APEucNWTts8dzM0KSeEA8R1Qgf4g-p9ItJHK5BY1ZBL1nIvQtjGgL-85Ea0tOEPvylK9F2CMLxPfX2yrCq9SaFGLBBeXh3n3n39S99ubhHngN_LiuORmeg0
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
234
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 00:36:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 58EA
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28043
x-xss-protection
0
server
cafe
etag
15270303690107644053
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:19 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 58EA
42 B
66 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Akh8slxydGU1fR1-9tRBLP5B-GODmH35J66CtvOUswuZO1fq30vpYEpZcG-fmizhojtP1ioHuEY7M2d05eGtXENLw2lzi7Og9BJH3Jtz0OyysCBPs
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 58EA
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12883429629277375602&x=1&ct=76
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 58EA
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame 58EA
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8509
x-xss-protection
0
server
cafe
etag
3034682829645713766
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
l
www.google.com/ads/measurement/ Frame 58EA
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_nhM6Z_XXpaZhwMrOo7szgJH-9HFsWAeEmbOAoxuk2M77SlFztCMAHdvnJd9ozfEcP3uAYeiJgkJtD0fPO9fPobVw5A
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 58EA
159 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49801
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1681299295334834"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:19 GMT
pixel
protected-by.clarium.io/ Frame 58EA
68 B
244 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_T09oM2JUcnRiMm5IeU93R2syTFRPNVNXbzU0LzIzNjcyNTUwMTA6MzAweDI1MA==&v=5&s=v31gu15eqls&id=eyJkZnAiOnsiYWQiOjI4MTkyMjk2LCJjIjpudWxsLCJsIjowLCJvIjoyMzY3MjU1MDEwLCJBIjoiLzIwODQyNTc2LDIyNTU4NTcwNTMwL0dTVTBCTS9HU1UwQk0tRERTLkEiLCJ5IjoxMjE3NTksImNvIjowLCJzIjoibW10LWEzMzUxMDU0LTdlNjktNDY2NC04NmQ3LTQxZjFjMGYzZmU3ZS1hZCJ9LCJ0cF9jcmlkIjpudWxsfQ%3D%3D&cb=547590&h=www.cpomagazine.com&d=eyJ3aCI6IlQwOW9NMkpVY25SaU1tNUllVTkzUjJzeVRGUlBOVk5YYnpVMEx6SXpOamN5TlRVd01UQTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyMzY3MjU1MDEwLCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by
Host: 3d42143788880280390f9d4398796108.safeframe.googlesyndication.com
URL: https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.197.171.49 -, , ASN (),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://3d42143788880280390f9d4398796108.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-type
image/png
pragma
no-cache
date
Sat, 15 Apr 2023 00:36:19 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0
server
nginx/1.18.0 (Ubuntu)
expires
Sat, 26 Jul 1997 05:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame CD23
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvJ0oCvpUEZm7J5GYd4mvVePNI6WYt3Um8yJ1wA0XcI6ZNQSq6g54I3nUx-er-yuzzjRolp9KDXUspgOga6SKcYDMFxVXcdSxpBYWb_94eAcXisRt7RgEVZN313uo4ARBK24Cebd5O23-PIxGuO0FReBNZRzHFTpbYnwhP2tewU7Nlw4kibfT3HdQIi97zbvCTW0Hlfc7bIZ7F0JHIClCIhJk-_vwxMYJ7VsUNc21l2dKr7Uh3AqBOmbTs4fBxsTqV9PQ961EX-lidRhV7W4RlaUkETRfzLgQ4xeE9AZ5Xct3Ffd1njlRUJ7LP2daEkFFeLccQNerLKxeY&sai=AMfl-YRFIBLN3dVwmR-NQyp_GNakJZxnl2XjezbVX0f9Pf6g5l3O-TNVa8NpLeYKPqodHgz-PeV79lgoOUq5Kvs4bh_QvJ4EMHaAos54jbuV8WASsQ800Qy0kCw8g9af3KA&sig=Cg0ArKJSzA6_N5c0Gpr4EAE&uach_m=[UACH]&adurl=
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame CD23
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8756
x-xss-protection
0
server
cafe
etag
5179999606349116156
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 29 Apr 2023 00:36:19 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame CD23
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18703
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
l
www.google.com/ads/measurement/ Frame CD23
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxhl0g9IytkOUQTToEG-IiKV1ugf6fYYettfaH2-1zS9FcDCht8MuWaTZrrMOGSe0ZxOAuBwpUim-g1Lu0XExWepkXDg
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CD23
159 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49801
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1681299295334834"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 00:36:19 GMT
12738669734505117874
tpc.googlesyndication.com/simgad/ Frame CD23
120 KB
120 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/12738669734505117874
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
age
0
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123093
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 22:30:50 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 14 Apr 2024 00:36:19 GMT
truncated
/ Frame 396F
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/png
metrics
connect-metrics-collector.s-onetag.com/
0
73 B
Ping
General
Full URL
https://connect-metrics-collector.s-onetag.com/metrics
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/e599ac32-ea3f-46fa-a00b-60b8e4861a70/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.13.80 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 15 Apr 2023 00:36:19 GMT
content-length
0
vary
Origin
rum
dsum-sec.casalemedia.com/ Frame C01B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH-ZCwmV3JZhCjyQkRleEQo&google_cver=1&gdpr=0
0
0

pixel
cm.g.doubleclick.net/ Frame C01B
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDnxevXW-NcseN8s76eLBgAA
0
0

setuid
ib.adnxs.com/ Frame C01B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIisuX1QQJ90-1PlEnyKnR8&google_cver=1
0
0

pixel
cm.g.doubleclick.net/ Frame C01B
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMyNjI5NzgxOTgzNjQxNTg4Nw%3D%3D
0
0

truncated
/ Frame F77D
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame F77D
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss2hm0keI9QAB7cQYO3Nbtm5gxJ4lO5Y256rm3GOGQyuQrHs8gnJiDApR91a_2ivx2w55CM11PkicgFTcgvRuso1z1JWVJbsXWj9hjmy2QWVwH1Yqa8XGKnxlXPZxFCFhs2hn9jc5swlo3UkTqxkD3A2L5XqDgTfnJzcJyoXkftbKJAzbQ-7aT_-nbFGkhYFVAXtpNXbck7OHW_uzQHSG1fiIynW6cMQyojGr8EVojaXv3xKqXi18T0SUmTBd3zqNoy-_By85TkUe9oQ4B-WbfFfbClioxwDS1HE2Fp7OabaU_piKYoEZgGtwA8nQdyAj9xS5yqO27kjqradw&sai=AMfl-YSESJWZsFyNURAtDLdCiZwB6CrKEiMeCBdS04rcVvSZjVVABFJRrYxHk1UVuFyjCuUs2vq9LOvpE4M8QJnCMKafqbAY5LvRWy4m_-yBjckHPW6DbSCL114gbd1Qlpg&sig=Cg0ArKJSzKmiF0ey8p02EAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 15 Apr 2023 00:36:19 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 396F
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurlcyPgg-ftIKk7s1sERJkD1jBLnPtl8FDUU4Hg88CynyP4DoaX_fXMIz6pjaPJ4aStWz39eRpkZIzDmHYUq-oPhX322lLIOV1fwdvWCTJd8Is9APDED8Ymhfg588KxGOPS4qWrBdsoRH-gGh7oRzjgqd-rgdWd-4jgPR-eTlAq3nmZiDBAfDFESb-mq9v9oR2NLnNqkF0s9oq6eK4xB-K15Cr1mSkvkfgfmWF3WKHEjm2rOPm8d1TIhTdxMCSVUUp-_iBsbvSti7xzuGLszCLDwM_kGd81qvhu1BBCPN224tYNdnPQEAE1pUfazjfDyz0zBHkvRQXSjdsAg&sai=AMfl-YQ37KCxNcCs-hVRWx8dD_cCZVQmykoNgBjd5RdqcaikeSSTtTYESh3T7wU9hpmAWaU6oC6GtMmPFJTe9DWoRJDYGfAqyx0lm_t83e8LoGPzhdBfoJgyK2uii4IU75c&sig=Cg0ArKJSzNtMiACCLhGkEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 15 Apr 2023 00:36:19 GMT
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.cpomagazine.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304130101/pubads_impl.js?cb=31073843
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 00:36:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
0
0

view
securepubads.g.doubleclick.net/pcs/ Frame D4C6
0
0

16630820227160513789
tpc.googlesyndication.com/simgad/ Frame D4C6
191 KB
191 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16630820227160513789
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Thu, 13 Apr 2023 15:00:59 GMT
x-content-type-options
nosniff
age
120921
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
195142
x-xss-protection
0
last-modified
Fri, 26 Aug 2022 22:32:07 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 12 Apr 2024 15:00:59 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame D4C6
0
0

window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame D4C6
3 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.cpomagazine.com
URL: https://www.cpomagazine.com/cyber-security/suspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 19:24:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
18704
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 28 Apr 2023 19:24:36 GMT
l
www.google.com/ads/measurement/ Frame D4C6
0
0

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D4C6
0
0

rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame F77D
0
0

metrics
signal-metrics-collector-beta.s-onetag.com/
0
0

truncated
/ Frame CD23
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 58EA
0
0

gen_204
pagead2.googlesyndication.com/pagead/ Frame 58EA
0
0

ad
googleads.g.doubleclick.net/dbm/ Frame 58EA
0
0

rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 396F
0
0

view
securepubads.g.doubleclick.net/pcs/ Frame CD23
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cpomagazine.activehosted.com
URL
https://cpomagazine.activehosted.com/f/embed.php?static=0&id=1&6439CD050E048&nostyles=0&preview=0
Domain
cpomagazine.activehosted.com
URL
https://cpomagazine.activehosted.com/f/embed.php?static=0&id=1&6439CD050DC5A&nostyles=0&preview=0
Domain
dsum.casalemedia.com
URL
https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=242369&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=2111715696806248&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDA.C&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=11&adks=3877474539&sfv=1-0-40&prev_scp=pos%3D3%26monu%3D728x90_B3%26directDeals%3Dsticky_bottom%26amznbid%3Dtjjmkg%26amznp%3D1v2ipkw%26amzniid%3DJO1KG5JhClUlTufF06al_CwAAAGHgldmBwEAAAJYAQBhcHNfdHhuX2JpZDEgICBhcHNfdHhuX2ltcDEgICAldIv0%26amznsz%3D728x90%26bidder_responseTime%3Dmedianet_200%26auction_id%3D46a6333b-0a89-4c27-92ab-6af11134ad53%26monu_df%3D0.02%26safeframe%3Dtrue%26bid_source%3Dclient%26hb_size%3D728x90%26hb_adid%3D35532a43c43a4261%26hb_bidder%3Dmedianet%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Ddf%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc-22a876ec17df00b2%3AT%3D1681518969%3ART%3D1681518978%3AS%3DALNI_MZmJ80B-U7uM76lq0wvX4c9sauhfg&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518979632&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=436&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=6&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=512&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ%2CAHQMDFfud7xlZeg-jpu8tqoKHID9ruZ5eZiFmc2sH
XP-g0r77_WNsjBkJIb6vksUEqw6EmrhBZNolPGCwC4A6fg4LICmmA%2CAHQMDFft4FPsLjfBmv6qoTGblU3da6MjUfZP5FO-9g-PJA7CVHho8MMCD0zAKVh-RUpu1g8Q9mGFdDP2BGoZjHlJx52PFw&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=true
Domain
dsum-sec.casalemedia.com
URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH-ZCwmV3JZhCjyQkRleEQo&google_cver=1&gdpr=0
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZDnxevXW-NcseN8s76eLBgAA
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEIisuX1QQJ90-1PlEnyKnR8&google_cver=1
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDMyNjI5NzgxOTgzNjQxNTg4Nw%3D%3D
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4164485387214954&correlator=477948703504621&eid=31072020%2C31073828%2C31073843%2C676982961%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=202304130101&ptt=17&impl=fif&gdpr=0&us_privacy=1---&iu_parts=20842576%3A22558570530%2CGSU0BM%2CGSU0BM-DDS.E&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=12&adks=1759185456&sfv=1-0-40&prev_scp=pos%3D5%26monu%3D300x250-300x600_B5%26amznbid%3D2%26amznp%3D2%26target_adx_floor%3D0.00%26refresh_count%3D0%26tabVisibilityState%3Dvisible%26max_bid%3Dnone%26context%3D0__chrome&eri=1&cust_params=page_num%3Dundefined%26big4%3Dtrue%26referrer%3Ddirect%26infolinks%3Dtrue%26hem_included%3Dfalse%26tcf_gdprApplies%3Dfalse%26tcfBehavior%3DnotApplicable&sc=1&cookie=ID%3Ddbb218a7b09e9ffc-22a876ec17df00b2%3AT%3D1681518969%3AS%3DALNI_MZmJ80B-U7uM76lq0wvX4c9sauhfg&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&abxe=1&dt=1681518979982&lmt=1681509637&dlt=1681518966562&idt=2549&adxs=1050&adys=3793&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=7&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&rumc=4164485387214954&rume=1&frm=20&vis=1&psz=310x600&msz=300x0&fws=0&ohw=0&psts=AHQMDFetgnz5xssIcXevtINAuxsYIgg2uF-5qbKgHuxZegwZh7MvO-PtuiTEnN9v5aaK9j8Hq9Z_4KzZASbfpiOvWrb0yQ%2CAHQMDFfud7xlZeg-jpu8tqoKHID9ruZ5eZiFmc2sHXP-g0r77_WNsjBkJIb6vksUEqw6EmrhBZNolPGCwC4A6fg4LICmmA%2CAHQMDFft4FPsLjfBmv6qoTGblU3da6MjUfZP5FO-9g-PJA7CVHho8MMCD0zAKVh-RUpu1g8Q9mGFdDP2BGoZjHlJx52PFw%2CAHQMDFcvHZaAM79IqcXfQmMBGr0-agFRJTb8b4Uj9-v7PsVhZeTBpiQhqQqPuJE6B2faNZvBWM7MCBVHdnSRYlu2BgV4Bw%2CAHQMDFd7aFEeZR1gLkQDh1lE9x5DEqiKrO6TnwoE_ZTk-2g460WbCbIuA5mVBdU3PT-4rsXT0a7Ju5TOSQVa1PX57ooOVQ&ga_vid=557382840.1681518967&ga_
sid=1681518969&ga_hid=882669968&ga_fc=true
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAL5Iwxyh_1xJyAbl33P-ZzKfEp0MfDqDO7t2KArzoUtthCYySlZaJuQg1LtLiLPhKPvrx_GOJcSWbUJMvW51l6I5nS5Ot2K6ULzpNcbJX-N_WKOpw5rgWdoZbYKv2yNYD5qKP4MFjzvy90a5ejVHQ5K8PgC3ibEpjwukuZ5RLsJYLIWyoKpraa3w-Wpjq6oJ9pGbNfQ8sKh485axXOxwsARksPmBRJ6dX3YqJYAjFDFbgoVuAheY3MtTnuSZQC2P7XqMTbG0CTMmxLD56TFqoHR3APbRoMXFY544MJ2iwu_S-lq1WnVCg_E_5tvOYnPFbfKMKdBwJmH0&sai=AMfl-YToij8wPhkQtX1CVGrd9yAYFj3RaWwEEuxrhQTnUIwhdwohbI7lPfzcmlXKL7QnXAC4rwP-_u17CpiYzTik6xmVxuzqJXq2GUV_Ie60qRtXXhn-oI0d-Jbc7Pu-ik0&sig=Cg0ArKJSzPS-Tqfa28CMEAE&uach_m=[UACH]&adurl=
Domain
tpc.googlesyndication.com
URL
https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js
Domain
www.google.com
URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSlh090PVjUscVKSQKjEeQ4wpwiAcrkENdUFXoCB_3RaYEoPWXIUJRRMSECN4JSpd0fmHNBlTKyn2lVmEDdwuN9k-1I4A
Domain
www.googletagservices.com
URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Domain
signal-metrics-collector-beta.s-onetag.com
URL
https://signal-metrics-collector-beta.s-onetag.com/metrics
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6427013834932&version=m202301230201
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6427013834932&version=m202301230201&ct=76&x=1&cor=12883429629277377000
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAIkbWYpWoLBLs__f_JuwBvNTuEhNle07D27S01bYIq42fnBMb_no47fEhL9wYhq-G3lSVMSOpdHC2jvrpVjA5FX7Hmw&cry=1&dbm_d=AKAmf-Cr2ca0vijk-areVzPOTjDqxT7GXE7szZWeWEnB-rtjQmvmFQShF5GexofC6my-tLPk4Fx56DV5SVTHNEeKc7uI8m141i2VAFU6bCfsPbpJgSnpDa4philmCqgK4TdbLUyl0DfBLdA2N-RMU55lHJEV2Hkh6loL7nL-u27hAoCXj91zF55kqKHV-oxf4DezWJKXM6r1DNuONnD2EK67bHEIPCspEoZsZS4k7K9s8KPZqdPv2GoVhBcgNUIheaiK73g9gbmziQ0yzkz-nquBox8GzmQEWN0SS07mekoisRjUV2nszMaB3vZmHXG76YnLp38xK6eHuZ35lS5_GRf8MO8BGH8u7tIuQusIfP0IUrM37GC8DrO84dgj-uk-DzP5mK-40VvP715qOlmoOCA4uL7jMqRgEn9I-TSGydSKmoy_8Vsbm1nG1yPWTNgSmRpJE-6BHYyhVhVMKgFym1nQk6MVy5a1AgcGUIlB7MlyMWMUOddftJz-N5J1lzgfEsKiGxM7rgrml9YD56l_JqV-gSw8Pk_1l61PvI5dVj-clAq9vwjjO7FcZVaMCS1r7GeR8qvhIFoyw70vB6FUMX_KJtcjELq5Dju3QxLUoVmJcGl8mHIqRKwX8HLvZ1JWWm_5NJwaCqqUqFm0CU6xXdMHx0BxuOrsx7RQhd1xz6uVEiF5aMrfbyXZoKyNQmEUgfeQT14z4m5EAHmRSBmhi2sFu-Wes00wbw0Sn-Jp3GAsDzFAMI3aTJtSclVUrFxyXnM0X6tap_BJReRN9zvpX9j9MEXA89R8oBgCnvr95tFRuXwfwP6hMU0NLPee2oRwXEm3P0Oy9d1iLnNlWeGwAWHBiyrvrS6fHINVhf_CeQNDWs-M9fX9Z_x36aZeMXtrn8KNW6WGYlFziKm30YyHRTEX2p215vadpslU3PMusG1RbOjLva6cUhjkp-VvQkyVLjnavwkrZAl-y6BLk8kbFoShMjEeA0b_gj-aehHvo64-QgLjs3ARcy9JxqwoXKNoX_M8EpUM3wRXWZ96bPXXJDp3V1VAvVDSmDeZZVzLKoj2VKNC2QrHJVSJ7lmkcK8FTFlXquk6EUobP2pN24BLQaA4kqvp4JFx0LhWrwvJAOuiIJUQwFqAi01HW_VwrlYNRohX95ioVMkWb4nXPhmiAy0CGcOj9dYBjK-86ltPh_BJWfuMI1b8QFKeTa6tiI63MzwaPVqQIQIHr-o16qulp5w6AHSpNAt1PWuYdDeSfa2HMYfDPTxw_ySpRf73gekPmBuXU2iD8JdiBGjGsqbhY6zDDTSOKSV4lPSoSm1ZaXJk_TUx2zIiDhYnWnzm5kpF5GD0XBKPc8hC6E98FrMv2o-lLqw0mnb7Pwcve8oMcy2qLUeIRtXPyxPnfY7M6-0DUNQy161B__sU6rwGmaWCIc_KXtAelJB9osEloUj_stXX56pdpWW1IUrd3horr-X7px6bK9gKQq6xI5NkZPNCLfoKjFPMYkuDTV91a8KqYZ016pPtr4THAHGaUE8O7585--eOBUq-DYEYQyCAO16JRMBl3jS5ZM5XxIis5wgCEcYdjC_cIqU-djIz17FTg23RL7ivk4SZGAbjZnIqxHuHm0LDJOGUTNMoD5bpN-3gbsFX9XUL_7jeysJp40sM9oTyxHNf2gxsi-g1kESoSFmionbkPFErFZJeGb3wQ7H1Q56uPeNHghPTMZ6r5beT1YcFPElP2qNGMuhf9V00SwdWLV2RhyJfIgJaCzFCv5aDX9D4sdEsmOMv9ZUb8EmNyePWPQRGUk_DPpP4SCwJfGDIDDbGohAkuz1YJW4wDG1dvlt1rjfr
AwVnjqhbGxVP6_f8aGVYXeFf9K9mZ7T9sDaPkJaaLOw_L6V-7Pimhd-_ZdCY-hirFH1YXrkIf71TsXVlSoAStifJ0vCaK_S39CP1-CFqfTVRGDphjuPaqyd05wwYd1nR4Qkse-tN4-FVtUHJUGaPjd8uXGv018r043ciYZNpw57H4R5A5il7yNN9bo3vpi74ZUF6TT9W3EG_UC4ESaALIWlim0GQRqRBXQXENiM19MMnuO2q2qBSrWd_qoz3BMi2x3ei_kHvSk4visLqvU48anVXRhdru6iKirDgaOKE4aWTKUl-9weXForhbAL7WV8nwyDBb2pNiBKf2L5rkaqMM78F4bh0abmTwEjs6CJuOTbB4R6UapBJk4LllENRvJyMpdkhMroK4w6U01O51bjhnEZY8IU-tddPqQmRmEaSkhZ2qhelqz0qJGN2vGLfrwcE-Iou8Or4H4zNI11ig2V7gRnYLAmKtnuR5tx3eLSTXUiA6rime5L2AHGzxskzSRTl-jj3SkJw7G0bzgqFrKv82XVc3I7gg5d97M-WJmP2ZJMdpg85A5yRccDoAp7R51VlWK4FtoJF6qikRCQXkmi2-q2_Yoo8z3JYaRnuShBpqD_SsiIM_bpMZ-PqlZBJ5W49Yb4B0_FQgcN2zzfRymj8eT9h-d7ScCJb7xpjEPhe-KGuxkn1bEQ2uZNZ_MvSKpd5taQgSDg7VK5jLBF0dk7L1CmZAftIJOv_1XFE3okqPV6ec5jkFuIAQ3ajkiaytEj-qL1hwt6rcvbiX3X4CdhbDj28_ePsvtyXfsWyqLqmTLM9H3_ZHvJuYQSHu1aRXJAjjq2NwDnq4qttM2VuRIqdRqnhm0eBA4yWUWBhYF9pLw1WMUbjwrtqXh3Bs9RG8E6ZfGOgIMSHNDs5pcipp4gP5zwcCB5sEYHEUw2pot1BSHkIRJeK1CJyyQGjdg5pfzauCEdCBverGd6iWrJ9rN4tsju5p6zRZvynLFNb2jYQ014-Mha5qbVgUuj6Z314PjMZp_MCktuU4-Z1PjDWg45xNNEzcbJSMwk_lzjlOz48MUClYB-1D8qMEOmKCayLpdhYFNdjebjimrr7H3PHviPPzCJQmCIg-CAllV7Rcfa_PASQeyKITlpi58miEQwvZsP8Z9sTSCuNcqrkqfZfj6LXCz-GRbyrXPItrqivHGKMX4TEAix-2-4He8u1HVfgZztAAaKoxFFvUTTVKelC4letap1mIgvrigNk43_z8cvoXZFuoFmYvfW-vbQNXBs1jAmSuyLa4wm19h5b2tzv7wadk90mkSHXdmpAYOAR-BeBup0v-jLQgclDaz2Z3YSBVa-m_iPmBgr4VMVFc2sLRKSABRQGRGc6_1RZadpGwm6LJ--5PF7ivfh-WHHIAfjAwk4r5bsIkUKrnC3At_MxCx8b5mDB_-dqgEg1f06q6jSy5NK5kGYrGykpw0aMt3UwDxurmKF2KswV1KmloJO193RQbjKLEyK4rg7ldECf8ao82mw2Fk-AmlsLK3pAwgn7xO1kotj-ZeyPVxH4-YZ1cEXlb6bv5CQw0soP0d1m_zd6bEG3mn54G8PWXG2_xQ5rgh31gg8pYNs6rEJHDyLKo9x2aiaZWoZlhmGYc30wiaegcUHeReqcdT6y1J2Cm_6VKhat1zc9NpMcdC7za_9MEFbc15ftbXea&cid=CAQSPABygQiDpae50u49bJ3nZmIrzkupxC-W4nlVGn-Ioz-SyRQHy3M5dcCoJ8tcs6H0YJ3UtOjmc-G9wem4YxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.cpomagazine.com&ds=l&xdt=1&iif=1&cor=12883429629277377000&adk=3037181500&idt=132&cac=0&dtd=11
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pagead/js/rum.js
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGDSTOne8qpH_krVZu2aTvnstVePS5URYtGhJPi8GS2aEqgNVtCo0e7_doGxYfSpV7Dmw2neL76BBLikGuNCF5W9MmnRrRJ75QYGPkJVRwlXcsAh6uM4kWmnj6ffMJ3gCCcQOB1LgZ_s4axe9G9Z7paZbukSj1cXOfxCY_scSNJ7zRhmv05Qp6XAQrSZSJeMsRbbuDuJR4syyXZla3sZClecAmyNOYPj1eLmOpMOK7Zyg12sXgR73gaxP4LAiWW-_Ai_3yYpQPj5He6Ibz84yAR-NqlLSAVgieQeFqJfuMlebglGtBGFds1wCcHDplqZNad4QmWa4FxEohug&sai=AMfl-YQenYxqEAGeI4RNK_6UV2EJ8p0qJ6vYHBNiuhagcFyGdJNuK-9bcyOdsUp3ddwmRF6wrJy6lIq02BzCPZfBTWxWfqx5vzu-HsjW2eXBxEZRP_OHyiJaZc6LI2810Gc&sig=Cg0ArKJSzE5ilNnd40XHEAE&uach_m=[UACH]&adurl=


160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 boolean| credentialless object| $MMT object| __cfQR object| __cfBeacon function| xDomainCookie undefined| $ function| jQuery object| advanced_ads_pro_visitor_conditions function| gtag object| dataLayer string| GoogleAnalyticsObject function| ga function| __tcfapi function| __uspapi function| loadCSS function| advanced_ads_check_adblocker object| php_data object| advanced_ads_responsive object| dlmXHRtranslations object| dlmXHRinstance string| dlmXHRgif function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| zeenJS object| zeen_60065 object| zeen_28354 object| advanced_ads_pro_ajax_object object| advads_passive_placements object| advads_has_ads object| lazyLoadOptions function| wprRemoveCPCSS function| pmTriggerDelayedScripts function| pmLoadDelayedScripts boolean| __cfRLUnblockHandlers function| LazyLoad object| google_tag_manager object| google_tag_data object| picturefillCFG function| picturefill object| advads object| gaplugins object| gaGlobal object| gaData function| get_unix_time_in_seconds object| images boolean| is_image object| iframes boolean| is_iframe object| rocket_lazy function| onYouTubeIframeAPIReady object| _qevents object| cfields function| _show_thank_you function| _show_error function| _load_script undefined| acEnableTracking number| advanced_ads_resizetimeout number| advanced_ads_cookieexpires number| advanced_ads_browser_width function| advanced_ads_resize_window function| advanced_ads_save_width function| advads_resize_delay function| advanced_ads_get_browser_width object| gsapVersions object| Linear object| Power0 object| Quad object| Power1 object| Cubic object| Power2 object| Quart object| Power3 object| Quint object| Power4 object| Strong object| Elastic object| Bounce object| Expo object| Circ object| Sine object| Back object| SteppedEase function| TweenLite function| 
TweenMax function| TimelineMax function| TimelineLite function| AttrPlugin function| EndArrayPlugin function| RoundPropsPlugin function| ModifiersPlugin function| SnapPlugin object| gsap object| CSSPlugin function| ScrollTrigger function| Cookies function| EvEmitter function| imagesLoaded function| quantserve function| __qc object| ezt object| _qoptions object| zeen object| _gsap function| _scrollTop function| _scrollLeft object| zenscroll object| advanced_ads_pro object| advads_pro_utils object| Advads_passive_cb_Conditions object| advanced_ads_group_refresh function| Advads_passive_cb_Placement function| Advads_passive_cb_Ad function| Advads_passive_cb_Group function| advads_postscribe object| advadsProCfp object| regeneratorRuntime function| __tcfapiui function| confiantWrap object| pbjsChunk object| pbjs object| _pbjsGlobals object| mnet object| apstag object| ifvisible object| googletag object| confiant object| headertag object| __connect boolean| apstagLOADED object| apscustom object| _aps object| ggeac object| google_js_reporting_queue boolean| creativeVendorLibraryLoaded boolean| google_measure_js_timing object| google_rum_config function| setImmediate function| clearImmediate object| ID5 number| google_srt object| _google_rum_ns_ undefined| google_rum_values object| google_image_requests object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| GoogleGcLKhOms object| google_timing_params

220 Cookies


5 Console Messages

Source Level URL
Text
network error URL: https://sync.adkernel.com/user-sync?zone=181093&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dmdp%26i%3D%5BUID%5D&gdpr=0&gdpr_consent=&ccpa=
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)
network error URL: https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=242369&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
Message:
Failed to load resource: net::ERR_SOCKET_NOT_CONNECTED
other warning URL: https://www.googletagservices.com/dcm/impl_v95.js(Line 97)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.googletagservices.com/dcm/impl_v95.js(Line 108)
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.
network error URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&us_privacy=1---&client=ca-pub-1360089709940309&output=html&h=280&slotname=2664408395&adk=2415172762&adf=138841947&pi=t.ma~as.2664408395&w=770&fwrn=1&fwrnh=100&lmt=1681509637&rafmt=1&format=770x280&url=https%3A%2F%2Fwww.cpomagazine.com%2Fcyber-security%2Fsuspected-chinese-threat-actors-infected-irs-authorized-tax-return-website-with-javascript-malware%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=false&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1681518978169&bpp=5&bdt=11607&idt=452&shv=r20230412&mjsv=m202304100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Ddbb218a7b09e9ffc%3AT%3D1681518969%3AS%3DALNI_MZ_54gw5Po37YGUasJzBAJR9z_tRQ&gpic=UID%3D00000be2ab1fca0e%3AT%3D1681518969%3ART%3D1681518969%3AS%3DALNI_MaDsYPmWyU5yV_OwRsNx6yGEDPQ8g&prev_fmts=0x0&nras=1&correlator=2939805918124&rume=1&frm=20&pv=1&ga_vid=557382840.1681518967&ga_sid=1681518969&ga_hid=882669968&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31073585%2C31073762%2C31061691%2C31061692&oid=2&pvsid=4164485387214954&tmod=1829275388&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cCaaYUJ5Qp&p=https%3A//www.cpomagazine.com&dtd=465
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' https://pagead2.googlesyndication.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40b8859bec2da6a6edb67e47760cab3cd1391af35a0039a5d720a17388dfc2af
40eaaf79ceb31c42372a460291a77950a61f9e6beb80d259475998aa2fa83e89
4269abba537698a6c9c5b33eb352ec4e64a3d5e5895fbd396729e0fec3056479
429bb4d4c0e60ac7db93ab6fb20a9417658b9a43f61e52f02d1f6dcb7307784e
4392c1b8a6c7c523e0d7d31b05e805b2e5540c266d87933179337f3d9d74fae4
43e96d451b13a80f769c106908376c94b31beb9aac6566498c5c60f0059ca4f1
453b94549eec4e46e867763d3b7a83bcc63b207ce706321ede5e640910a932de
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
480728a9f6122f34c3c84a4af8987bdfd95a6f2d9f3a52caf4559a0270d1d37e
483784ecdf80ccaffd50869e23e2efdbeed9343b1b4c7dae837667e4984a68a7
4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48ac2030a4b163ee12689a8ab83beae6caff8d4246285f7febd68127c3f3db23
48e75093a4b39cba4cef328e0909d8c2e02d6a72b246b47132a4329ad0986dfe
4a8ed15fc730af0dc9bfa83e01c77cb09b690ddba25bb5dc5617e871196a7573
4c9cdaec4970cf14d52899f21e0a6297e2f33bf461c78d39eafe0711f65a4809
4d5f17b22ca098e09b7fb3b05f39d37fcddc663221163957a637568c33877c40
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e1c60d000ba3349afb1eb1283044a42f2f6bc03b39761e98d7e1f07ca3b899b
5349a1cb507f89c1e88f41b3790db900668bf5c375ac44165242cee5060e86dd
54049ed31cddfc0fe34e9b14306d73a17100f2307fe88272ba2ec3f98be345cf
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55aec25b8532f1669f97fe08f3729ee008a23d30c183a4336191ef7b6f8c3f75
594d3c9939f2525d213200f4ff9c88bb506099e803184a0d6d343a7a2f994554
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
59ca72acaa7d5ef558ef3fa5da394fee9c98484b36497cb6a9fe857db8c648e9
5aca6d2e838b5ac05cb57c5e18836a89ce6d58d19f40a1bb6bf05bab8d9b7fc2
5caceb91a5c3157b7ce6b8efd3681c2985217520f475dcd5b029145664b0d4df
5d357e59e464329ea174ee6add3631078f821d8190ff89db5546999578310d88
5d80c98fb61975af43d63cdd0fa46018b43d1280a5a6d346009a4753aecc2483
5edf87d91ac7f84f7107140caf7c3c3d2441106fe490bcdb81d60c16be69f88a
5f6a398c7a4aaee0a4a4a87fd12bd0a39287fcc57825d8e0c3945ef399203f09
5f8ab520893c3b3ff5e8e9dc11b14a37f5472ba9ca56a4f9784757bdc1ed6c5e
5f9b744d2dc9a18a04ea686ea8f8b63f5b121393c65e4a75f724b77ec571c9d7
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
67aac621e3c31ae0cf6866a00c2e2267256f7a3692f6f770ea046daed9efd66a
68a84433a9939762eaac536834e7e8c2470d867a6108cf1022831b8509d55caf
692c2fc940c7b6c310531bceab088550a70f7ce6b391e6f766e3184595337862
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c87b40001d1d1ee933c62308fd150bf3c1b7c38801f82ee9aa15e3b06892245
6dd93964f7b7956561507fd6f0e8e741d254d4dbbea086e4a3fcfade8eb23f5f
70076b643a5de980682189950613ae3e0ac77c394b2d8bb82bd10354d461094b
710d167963d5b65c6046bda05aac464cb6c138df6e62ff26833c250b1a0b823d
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
7880baffe2ae82053e2779e29e71c2070392d531d9b56b5ea5d74de367d2ae42
78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e
790a3e9cdecd8dd095e540c85d5666cd0b9b37168ff279901595a041f6b43849
792a5dff1eec6a0e4db2168bab33f4f46b2208de5f9a5b9ebbd631ccd1ff3674
7abe0db529694cf16771d54ba8381d1387872b9302ee49e8b5f68c6b788612c0
7b0fb27181aa8c2244ab51f28e8b544248585a334184445b1da9b04f89a794ac
7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7
7d10f96baf70d96b77e853a5c843c6e010f6f51a13d5cbcb5531f37ee6e11033
802a3b18272fce86b7ae5e349963873801db2a682c542ba2a78b673f295ff5e2
81c14743b734588b4d03449c56faf6105c5a6977c9059f9606092964f4504009
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839339c99427edaff464c1f8ba1f1db3eb2521556ee946efae0912eed183fe9b
83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4
851a1aace07f995f5075846e18098478b6fe7c7e921e84747504ceb39f6a94b6
8b8bd527d2f3767ea3f61834cefe64ab3c7898407d6f6aa35f1339bcceebe5f4
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
8d69652a1a136d57fe58fbbbd117f3c0fbc30bd7ec763edc1e3fa19281b719a7
8f49a3ec64610a2a49cf3378ee9d1ea2f0d1b8a292ffbc4b58aecc12293fb771
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
94ab74a6aa8a5a9884c210c3b27563475238da4f46cc3132368222e0dd33a46b
97db276c5f25880d98b97bbdf7cb8aa565a17fd09613843cb694b7936b121e82
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d82902c9ad1d86f5119662f0e507926c6a12ef1c4ba4eb83b886ce8cd0460d4
9e82a31a228f0f3e6b81e21297599c4bf47afa197a373e6da88a441d2067e8a0
9fb6304e031891f354e6a896a80127cbaf5d997864cf59a32b4157e679df45ec
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0ed648b3788cb18d61d64d9ba4e0ca4f9deb73fa45c5d421dddec79c710f091
a19c50bfe787f159e850f6ca6f289295e5f314f755c0714ab75db6903e9f546c
a34c66357c23203a8f6fef28b03e31086f44e93e94a673eb593168a84db41159
a3ad126418c507a350da1563ff625e3dd93186a42c868b57bd8524c152716b82
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6c116f0400f45d0e8ceb44aa926a54d69be6740df943b08168d2d38ffc758f7
a829d1fe9d7d1ba15c67371e60bbb7a139229c27458d007244c2a3c7d02c731c
a855a4ac0a2a8d534cb34ff2bed5314d9a72bed53c97b18099820af1fc5323f8
a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
acce299f5a2d2f91fab07ad234ddecd80ec3fa800bd207720c44102f4e0f379e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aff7c57b76dc629e4a9b4c22edaf44e70b78f94704c3484dfb2861d87beacc66
b06c733c6e6308df88efac97ab776bdaa9a03553752d78ad897acb04a048f3f8
b07bbe527fba6a3d53984a182715e4a8efa34740901152fb201e569da99e32b5
b0f8d4dd8c611e6091bbffa6bd39c444683fc1238bb08c3845ab4bdeab39045b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b19d9fa78774aa8220f33e0679de11de57cfd936c2ea076e6812957016011007
b1c076f876b94e2023d470bdccf607aaf563fa33f890fce6d78905a4478d4a49
b2e4d08754839510a3d77ddf8205a515e51e4277c323932b10441196744ce757
b3055386b68c9417f75aeafce34f95d12720fd217509957741180f4270e26da8
b575b0ad75b0fd71c005f97c8f383bb4067448ef1b8f72063b2962daf23f07ba
b5980b9754e06c4b349a458cdfe27af99d20d6e5da905cf87635f8b6b6659762
b5d339cba7b482551ccc788baf8ce101cfca018747f89bfd4483c110cd1f038e
b5f7f68737e6ac4a12d1e743a7724cee2a0e14b968ebb3da1813de2998cd2ac2
b64069e2e14b684ebb6b7a678932d155c9c7627f8638a89bc8e144224d1145ee
b887a3f7aafc491fe1529e008ce3126197bca21d62ae1183be7b3abf8dfc6618
b918719a877970044821d50f582d79273e055607529039c335f3e60e0cfc5303
b9300c55f12e7f8def6ef28002f820dce1579b90b4e7ec5b9b7582ea7f13371e
b931ebe83dfbafe0461c6f41e3b0812baf1072238bc22d5ff8a88c3ac6c76f7a
ba8451f39b0887dfff955335e5bf9007d350bf5c2d9f5ef697e07275ecbc331a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bce9806f44de9d2a512a3719e0c9a106152572b0f0279c18012e7a892cd9dd2e
bdfaaa31db5f25cb60d1cee9c7a4c5c483e5b21da822c2a70b3c76926043a0a8
bfb7fc3c20e7ba72ae5e015cd2fb4f5026b5896e34e102ca81371459bae9f519
c08054f7a3393693e60258290e3e05d4de664645aeba9f244b00d481e7226b64
c16b1459e064c5549b59ce8037572a115bb7e0dd683c84d98a78cba89923ae4c
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c37a134e735f9a3dc9916bbed8f5e576f89b9f26537a59544d74004962b1a8ef
c58912e88ab5604fe9331bdceb4c4592202ec5a7edc3f0054e554d90cc04cb8a
c5a303f5ac4be05981e37d301ed8f080805d2f2529bc7c38fbd2f7f45aca51a8
c60ae505bc4742036b9e219b6d878d7e50cf4754ea56346e39f19f3f413b4889
c6956e8710cf477f7014440385ae16ee4b8cc7ecfd02fddd4d2f0c6c7fd15845
c6f945153fee8bc5ec7f1190559f4176b17be67625bfad61ea1408da5fff7eb8
c917dcfe706640daf3c2d180418829991cf8392a0ddcb996e1114703f2b04654
c9ac13bac7ab829224e6232b3ce729cdee42f28576b7482780e954ba99bd9092
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
caf2af138de3512090bf47c5309525803cc96404eeddf175539df19c6bca305b
cbc38667cc862f0f6d5062d0e070ffb73d4d0fd35b04f9f51809fce0ec6b3dbf
cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33
cc0055c95a9b40e9b1f1c6032df5a89701772e2546f677e7a599b1bd93a41ef6
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf1f8319ca782b440884e208138f7ead21a63f78e5fed43638f3e0104a8e1685
cf465519d2bf8affe1ddc2a19603047d26b817f73588c11e05f930c3f8ae540e
d38a16e06db1090cebe752b272bc5e5b2834f5a20427deb54465e24a8142d4eb
d49b7449aa58f66cee9a17e172cec2a0118bfaa380db2290d1aff39c450343d5
d4ad6488b98dc54a19fafd8a6e462938d13787e6b3b0f21516013c41bb7a8017
d65a105d3742a487b55df9d4ec44d00f660594fef5d1d0bbb9db004c8ff24d70
d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831
d6d47737737a16bde4063bae0ebfac9f8f99ed096cb22f031e6f1f2cb4946e3a
d6f86afdd338fc6f3765d02a1317cbe5844c5a1b1bf3e8b5a51fb57ba5c2ce28
d70cd722981668fc5cc2087c373af7a3784c29f9bf39d21aadacf3589c93ec49
d7d3820cac85b4f074f0801e3c87c8c3b37b28730bfadefe6ea9a921bfce34bc
d860723b3ff6030d220876c230d0ee578d31c80ca03a90c78c44126c422c42d7
dbc2930cb35eff36dc7f7b28bb33eedb59fcb304bcf621f86592b5ecaa4268f4
dc52abfa9b39696c25446b973f82653b8625ee3a16e043c1cd94cab23a1fcda4
dceb0e6e7212e955a13b2a5b830dcf64211c819e4ef0dab36fdfc097081865d5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e2cd2838d9537e8b405992bfa4ef5ddd9ab98461eec351ff661d7b9d475839dd
e33ba42f852ce067eb17fbd01903a7549c4e3f7abab563292000b002349d63b3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e88a629625029f3654952ce4f62b2dce0e23699728a5ac9d4e847956cbba57b8
e94d9d4dc2b917019e391f381898fb6a4b74937d274f17001cbaf63ffefcf5df
ea9d7f12b79a5a8f143a9e4a6d53fe0c5617544afcc08e0c94eefaef8d7b5468
eafac78ab498f8af409e9d214c00ebc9e46fc5f5e06a7beb428e3297522954cd
ee88d7fe4fec2ac82a04b20b5b0d2ae70b6184b0a588e3cf2c2bcf661b3378fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2e76f96c1aea767f75c924a169b75cff1990b57e0fd5d78c9146e0a798c7407
f31b91a059513fe96baae333fba5e643a41716bc4ad42d6085267eea82aca3ac
f38633352e23b2f65f1e39604fd478b07df48171bec9ddaf3c7485ff3f265a6b
f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e
f4cf779d6f3c89fe7444351ffa29e8310c723bfef646a29148e2203d82c1e81c
f514543170b7d33d558d367a0047faf7d003acddeb3857f2cb929d6bfb5af190
f58d8a1e02100aba9fb71180fc80c963dcc1b005f62d09f18782e91aa18405d6
f5a1d79fd76ca1981dd17971d977374539665108c77705412e0709671dc8b610
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6dc5d8da13b8d2cb94dbedc5ab67a55c7b0f02c989eb323839fab4c4c8ce912
f8c134b6c96ca6883691740e36707f618f023c0ca7db994d86ecd3be5c2e0521
f9ffac5a8fa3d50c6bd5c0e6635e2a42489d5fe955bc6e7baba8a3277d8f7a27
fb3988b6fa5f64ea8de4cb6b8309d5b826685f81690a8c1f5a51366fe754dfb0
fb498b3a71cd40739119ca50ed11128fdb9390c25b2f3dad681d0346eb30cdb5
fdb425159f23a230e2ec11386d373f11e59ab8d539a52f0babbb66676e5d9e72
fea6ea9b6b0765ec97bb7d710da40a4416285fbe81016e64ff38adf03b11493b
feaed7c174eb22a5f9e4af065a391a5d9cabe28b47da9ee6f2144559f4419a41