journalmetro.com Open in urlscan Pro
192.0.66.2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des...
Submission: On April 18 via api (April 18th 2022, 5:14:17 pm UTC) from US — Scanned from DE

Summary HTTP 176 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 53 IPs in 6 countries across 35 domains to perform 176 HTTP transactions. The main IP is 192.0.66.2, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is journalmetro.com. The Cisco Umbrella rank of the primary domain is 588338.
TLS certificate: Issued by R3 on February 25th 2022. Valid for: 3 months.

This is the only time journalmetro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	192.0.66.2 192.0.66.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	184.87.213.83 184.87.213.83	16625 (AKAMAI-AS) (AKAMAI-AS)
4	35.227.246.163 35.227.246.163	15169 (GOOGLE) (GOOGLE)
4	99.86.7.67 99.86.7.67	16509 (AMAZON-02) (AMAZON-02)
15	178.79.242.16 178.79.242.16	22822 (LLNW) (LLNW)
1	65.9.61.60 65.9.61.60	16509 (AMAZON-02) (AMAZON-02)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
8	108.157.4.35 108.157.4.35	16509 (AMAZON-02) (AMAZON-02)
10	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dd1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dc7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.227.201.248 35.227.201.248	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	52.8.117.187 52.8.117.187	16509 (AMAZON-02) (AMAZON-02)
5	169.44.97.2 169.44.97.2	36351 (SOFTLAYER) (SOFTLAYER)
2	188.65.124.90 188.65.124.90	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
1	34.194.161.83 34.194.161.83	14618 (AMAZON-AES) (AMAZON-AES)
2	65.9.66.173 65.9.66.173	16509 (AMAZON-02) (AMAZON-02)
5	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 2	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
2	184.87.212.214 184.87.212.214	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	54.162.166.147 54.162.166.147	14618 (AMAZON-AES) (AMAZON-AES)
1	185.86.137.17 185.86.137.17	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	104.92.74.8 104.92.74.8	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.89.20.125 104.89.20.125	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
1 2	2600:1f18:612... 2600:1f18:612b:4200:ada2:2974:cd33:9395	14618 (AMAZON-AES) (AMAZON-AES)
1 1	8.2.111.137 8.2.111.137	46636 (NATCOWEB) (NATCOWEB)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
8	188.65.124.59 188.65.124.59	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
5	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0b::9a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	188.65.124.91 188.65.124.91	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
2	92.123.225.34 92.123.225.34	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1	188.65.124.38 188.65.124.38	41690 (DAILYMOTI...) (DAILYMOTION For peering related business)
6	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	8.39.36.142 8.39.36.142	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2600:1f18:612... 2600:1f18:612b:4216:e715:23fc:28e9:ce6e	14618 (AMAZON-AES) (AMAZON-AES)
1	54.173.181.170 54.173.181.170	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
176	53

35 192.0.66.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

journalmetro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.87.213.83 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-213-83.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.227.246.163 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 163.246.227.35.bc.googleusercontent.com

rdc.m32.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.7.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-67.fra6.r.cloudfront.net

static.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 178.79.242.16 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-16.fra.llnw.net

api.dmcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static1.dmcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vendorlist.dmcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.61.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-61-60.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 108.157.4.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-35.dus51.r.cloudfront.net

sb.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:3500:7::17d8:4dd1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dc7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.201.248 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 248.201.227.35.bc.googleusercontent.com

geoloc.m32.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.8.117.187 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-8-117-187.us-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 169.44.97.2 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 2.61.2ca9.ip4.static.sl-reverse.com

rumble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.65.124.90 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: fp.dc3.dailymotion.com

www.dailymotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.194.161.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-161-83.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-173.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.37 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.87.212.214 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-212-214.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.162.166.147 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-162-166-147.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.17 (France)

ASN201081 (SMARTADSERVER, FR)

ww1772.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.74.8 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.89.20.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-20-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.110 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4200:ada2:2974:cd33:9395 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

scm.publishers.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.111.137 (United States) 1 redirects

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 188.65.124.59 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: ebed2.dm.gg

pebed.dm-event.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.65.124.91 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: st.dc3.dailymotion.com

speedtest.dailymotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.225.34 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-225-34.deploy.static.akamaitechnologies.com

s2.dmcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

sp.rmbl.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.65.124.38 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: icscale-01-pub-ix7.vip.dailymotion.com

dmxleo.dailymotion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-west.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:e715:23fc:28e9:ce6e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

pc178-7uxjk.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.181.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-181-170.compute-1.amazonaws.com

ads.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	journalmetro.com journalmetro.com — Cisco Umbrella Rank: 588338	3 MB
17	dmcdn.net api.dmcdn.net — Cisco Umbrella Rank: 28668 static1.dmcdn.net — Cisco Umbrella Rank: 13556 vendorlist.dmcdn.net — Cisco Umbrella Rank: 17432 s2.dmcdn.net — Cisco Umbrella Rank: 16159	524 KB
13	freeskreen.com static.freeskreen.com — Cisco Umbrella Rank: 46673 sb.freeskreen.com — Cisco Umbrella Rank: 36072 ads.freeskreen.com — Cisco Umbrella Rank: 45195	166 KB
11	typekit.net use.typekit.net — Cisco Umbrella Rank: 510 p.typekit.net — Cisco Umbrella Rank: 625	235 KB
10	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 128	65 KB
8	dm-event.net pebed.dm-event.net — Cisco Umbrella Rank: 14629	1 KB
8	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 stats.g.doubleclick.net — Cisco Umbrella Rank: 95	279 KB
6	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 282 imasdk.googleapis.com — Cisco Umbrella Rank: 417	878 KB
5	google.com www.google.com — Cisco Umbrella Rank: 4 adservice.google.com — Cisco Umbrella Rank: 77	2 KB
5	rubiconproject.com 1 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1117 eus.rubiconproject.com — Cisco Umbrella Rank: 567 token.rubiconproject.com — Cisco Umbrella Rank: 675 pixel-us-west.rubiconproject.com — Cisco Umbrella Rank: 4599	11 KB
5	rumble.com rumble.com — Cisco Umbrella Rank: 21179	37 KB
5	m32.media rdc.m32.media — Cisco Umbrella Rank: 25991 geoloc.m32.media — Cisco Umbrella Rank: 27787	140 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	531 B
4	google.de www.google.de — Cisco Umbrella Rank: 5383 adservice.google.de — Cisco Umbrella Rank: 7579	1 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3894	6 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
4	dailymotion.com www.dailymotion.com — Cisco Umbrella Rank: 13757 speedtest.dailymotion.com — Cisco Umbrella Rank: 16213 dmxleo.dailymotion.com — Cisco Umbrella Rank: 14301	24 KB
3	tremorhub.com 1 redirects scm.publishers.tremorhub.com — Cisco Umbrella Rank: 52371 pc178-7uxjk.ads.tremorhub.com	966 B
3	smartadserver.com 1 redirects ww1772.smartadserver.com — Cisco Umbrella Rank: 52771 sync.smartadserver.com — Cisco Umbrella Rank: 1463	686 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	201 KB
3	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 461 image6.pubmatic.com — Cisco Umbrella Rank: 622	9 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 262	33 KB
2	rmbl.ws sp.rmbl.ws — Cisco Umbrella Rank: 27596	51 KB
2	gstatic.com www.gstatic.com	18 KB
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 438	2 KB
2	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 302	40 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2657 pixel.wp.com — Cisco Umbrella Rank: 2521	3 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 2749 p1.parsely.com — Cisco Umbrella Rank: 2214	19 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	29 KB
1	exelator.com loadeu.exelator.com — Cisco Umbrella Rank: 7475	324 B
1	admanmedia.com 1 redirects cs.admanmedia.com — Cisco Umbrella Rank: 1260	444 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 104	15 KB
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1183	538 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	56 KB
1	ntv.io s.ntv.io — Cisco Umbrella Rank: 3577	115 KB
176	35

	Domain	Requested by
35	journalmetro.com	journalmetro.com
13	static1.dmcdn.net	www.dailymotion.com static1.dmcdn.net
10	use.typekit.net	journalmetro.com use.typekit.net
8	pebed.dm-event.net	www.dailymotion.com static1.dmcdn.net
8	sb.freeskreen.com	static.freeskreen.com journalmetro.com
6	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net tpc.googlesyndication.com
5	imasdk.googleapis.com	www.dailymotion.com static1.dmcdn.net imasdk.googleapis.com rumble.com
5	securepubads.g.doubleclick.net	rdc.m32.media securepubads.g.doubleclick.net www.googletagservices.com
5	rumble.com	journalmetro.com rumble.com
4	www.facebook.com	journalmetro.com
4	www.google.com	journalmetro.com tpc.googlesyndication.com
4	tags.srv.stackadapt.com	journalmetro.com tags.srv.stackadapt.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com journalmetro.com
4	static.freeskreen.com	journalmetro.com
4	rdc.m32.media	journalmetro.com rdc.m32.media
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	www.google.de	journalmetro.com
3	connect.facebook.net	journalmetro.com connect.facebook.net
2	s0.2mdn.net	imasdk.googleapis.com
2	sp.rmbl.ws	journalmetro.com
2	s2.dmcdn.net	www.dailymotion.com
2	www.gstatic.com	static1.dmcdn.net www.gstatic.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	scm.publishers.tremorhub.com	1 redirects journalmetro.com
2	sync.smartadserver.com	1 redirects journalmetro.com
2	eus.rubiconproject.com	sb.freeskreen.com eus.rubiconproject.com
2	ads.pubmatic.com	journalmetro.com ads.pubmatic.com
2	secure.adnxs.com	1 redirects journalmetro.com
2	c.amazon-adsystem.com	rdc.m32.media c.amazon-adsystem.com
2	www.dailymotion.com	journalmetro.com www.dailymotion.com
1	image6.pubmatic.com	ads.pubmatic.com
1	024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.googletagservices.com	sb.freeskreen.com
1	ads.freeskreen.com	ajax.googleapis.com
1	pc178-7uxjk.ads.tremorhub.com	ajax.googleapis.com
1	pixel-us-west.rubiconproject.com	eus.rubiconproject.com
1	dmxleo.dailymotion.com	static1.dmcdn.net
1	token.rubiconproject.com	eus.rubiconproject.com
1	speedtest.dailymotion.com	static1.dmcdn.net
1	vendorlist.dmcdn.net	static1.dmcdn.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	ajax.googleapis.com	journalmetro.com
1	loadeu.exelator.com	journalmetro.com
1	cs.admanmedia.com	1 redirects
1	secure-assets.rubiconproject.com	1 redirects
1	ww1772.smartadserver.com	sb.freeskreen.com
1	pixel.wp.com	journalmetro.com
1	www.googleadservices.com	www.googletagmanager.com
1	p1.parsely.com	journalmetro.com
1	jadserve.postrelease.com	s.ntv.io
1	www.googletagmanager.com	journalmetro.com
1	geoloc.m32.media	rdc.m32.media
1	p.typekit.net	use.typekit.net
1	stats.wp.com	journalmetro.com
1	cdn.parsely.com	journalmetro.com
1	api.dmcdn.net	journalmetro.com
1	s.ntv.io	journalmetro.com
176	59

This site contains links to these domains. Also see Links.

Domain
www.zscaler.com
francoischarron.com
metromedia.ca
www.quebechebdo.com
www.corriereitaliano.com
www.facebook.com
twitter.com
www.instagram.com
www.tiktok.com
www.linkedin.com
apps.apple.com
play.google.com

Subject Issuer	Validity	Valid
journalmetro.com R3	`2022-02-25` - `2022-05-26`	3 months	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2021-12-04` - `2022-12-06`	a year	crt.sh
*.m32.media Sectigo RSA Domain Validation Secure Server CA	`2021-12-16` - `2023-01-16`	a year	crt.sh
*.freeskreen.com Amazon	`2021-12-19` - `2023-01-16`	a year	crt.sh
*.dmcdn.net ZeroSSL RSA Domain Secure Site CA	`2022-03-12` - `2022-06-10`	3 months	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.postrelease.com Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.rumble.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-11` - `2022-12-07`	a year	crt.sh
www.dailymotion.com ZeroSSL RSA Domain Secure Site CA	`2022-04-12` - `2022-07-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-26` - `2022-04-26`	3 months	crt.sh
*.srv.stackadapt.com Amazon	`2021-11-09` - `2022-12-07`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.dm-event.net ZeroSSL RSA Domain Secure Site CA	`2022-04-16` - `2022-07-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
speedtest.dailymotion.com ZeroSSL RSA Domain Secure Site CA	`2022-02-25` - `2022-05-26`	3 months	crt.sh
api.dmcdn.net R3	`2022-04-14` - `2022-07-13`	3 months	crt.sh
sp.rmbl.ws R3	`2022-04-02` - `2022-07-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
dmxleo.dailymotion.com ZeroSSL RSA Domain Secure Site CA	`2022-02-24` - `2022-05-25`	3 months	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Frame ID: 2A38055BC2F81B02AB3951A46C9850EA
Requests: 106 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Frame ID: A7419CD40C8347EB73B805B5F24C2A22
Requests: 27 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Frame ID: 53ACE922905C9AF8C802807FC6A75A4B
Requests: 4 HTTP requests in this frame

Frame: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Frame ID: E97182DC55AC21F36419CED0B3AE0C48
Requests: 11 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 665F0AF2434793EDCC2E2206B54461FC
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Frame ID: F5D946441D120D1F09697F7BE5087757
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 45B2B9E1A67D3A1671342060ACCE7DE8
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Frame ID: F6275A0BDCE8771F69A7ABC99648CFEE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9E2D58E45C162DDF06F5DF0C17464F4C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D8A4E0C983982E56019EABDC0672E137
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 228BB998242143722CCDDDFC90EF5C23
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 1225D4A0CD5E41536C88112199CB7A8C
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=158606&s=2565852&predirect=https%3A%2F%2Fpubmlisher.com%2FcookieSyncEndPoint%3Fpubmatic_uid%3D(PM_UID)&userIdMacro=(PM_UID)&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&us_privacy=&
Frame ID: 70675E5B1528A56EB07C5F76A8A48AF1
Requests: 2 HTTP requests in this frame

Frame: https://024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: D1F043A9AB24885CBEBDC02F6C859C56
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 816AEDAAB7DC821DB27E1B58C24211EA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6B8BF7193F660F68A4C3DEB09F09B2ED
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ce virus se déguise en une application populaire pour voler les accès des comptes Facebook et plus encore

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

176
Requests

98 %
HTTPS

38 %
IPv6

35
Domains

59
Subdomains

53
IPs

6
Countries

5880 kB
Transfer

12794 kB
Size

25
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
Title: rapport publié par les chercheurs de chez Zscaler

Search URL Search Domain Scan URL

URL: https://francoischarron.com/securite/logiciels-securite-prevention/nos-suggestions-des-meilleurs-antivirus-et-suites-de-protection-pour-ordinateur/kdrORvUM0C/
Title: antivirus

Search URL Search Domain Scan URL

URL: https://francoischarron.com/reseaux-sociaux/facebook/comment-desactiver-lenregistrement-de-vos-informations-de-connexion-sur-facebook/2ZADysDuA0/
Title: désactiver l’enregistrement de nos informations de connexion sur Facebook

Search URL Search Domain Scan URL

URL: https://francoischarron.com/sur-le-web/trucs-conseils/conseils-pour-choisir-un-bon-mot-de-passe/gp2xLTdqAY/
Title: mot de passe fort

Search URL Search Domain Scan URL

URL: https://francoischarron.com/reseaux-sociaux/facebook/les-meilleurs-trucs-pour-proteger-securiser-et-eviter-de-se-faire-pirater-son-compte-facebook/mThQg0oBeE/
Title: Les meilleurs trucs pour protéger, sécuriser et éviter de se faire pirater son compte Facebook

Search URL Search Domain Scan URL

URL: https://metromedia.ca/
Title: Métro Média

Search URL Search Domain Scan URL

URL: https://www.quebechebdo.com/
Title: Métro Québec

Search URL Search Domain Scan URL

URL: https://www.corriereitaliano.com/
Title: Corriere Italiano

Search URL Search Domain Scan URL

URL: https://www.facebook.com/journalmetro/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/journalmetro
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/journalmetro/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@journalmetro
Title: TikTok

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/journalmetro/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://apps.apple.com/ca/app/m%C3%A9tro/id1579705887

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.journalmetro.app

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://secure.adnxs.com/seg?add=18870188&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D18870188%26t%3D1

Request Chain 71

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west HTTP 301
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west

Request Chain 72

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D HTTP 302
https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1

Request Chain 73

https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D HTTP 302
https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D

Request Chain 74

https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID} HTTP 302
https://sb.freeskreen.com/um?ac={$UID}

176 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/ 134 KB
27 KB 498ms
471ms Document
text/html 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

3b3bfa83d0748f840ad71399c512fe13ca4eec39b959efd0efea9eade4e20421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: max-age=300, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 18 Apr 2022 17:14:09 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://journalmetro.com/wp-json/>; rel="https://api.w.org/" <https://journalmetro.com/wp-json/wp/v2/posts/2808007>; rel="alternate"; type="application/json" <https://journalmetro.com/?p=2808007>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: miss
x-distributor: yes
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn2 0 4 9980
x-tec-api-origin: https://journalmetro.com
x-tec-api-root: https://journalmetro.com/wp-json/tribe/events/v1/
x-tec-api-version: v1

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 394 KB
115 KB 177ms
35ms Script
application/x-javascript 184.87.213.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.87.213.83 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-83.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: a0b374cb5be30cf745d18c8403fcf6d68c68720a8b72f6205960a38231056bc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 17:14:10 GMT
Content-Encoding: gzip
x-amz-request-id: NMYPA40T2P6HA552
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: d+McgAf3RL8WcxnoLqJbuSE9iPdwk3NYtTydm2FqN84YpaemN80xv8yPNwsl286hpPhzLdTXwMM=
Last-Modified: Tue, 12 Apr 2022 15:30:17 GMT
Server: AmazonS3
ETag: "aa068ae425ad39385b7557af7408b5ba"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 m32pixel.min.js Show response
rdc.m32.media/ 61 KB
17 KB 160ms
116ms Script
application/javascript 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/m32pixel.min.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: 069f695140cae015bfd9f54836c257da65969097a565500f49adb1a262ae6719

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
last-modified: Mon, 04 Apr 2022 18:37:29 GMT
server: nginx/1.10.3
etag: W/"624b3ae9-f449"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 17:29:10 GMT

GET
H/1.1 200
OK freeskreen.min.js Show response
static.freeskreen.com/ba/178/ 25 KB
10 KB 51ms
8ms Script
text/javascript 99.86.7.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/ba/178/freeskreen.min.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-67.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f2cbdca26b4a69378f33d852d753e98da4d1e072593b84988510426fb7061ae7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: OeZgvulR.mciHt0rPQ9VLAPlsuVaOU6s
Content-Encoding: gzip
Last-Modified: Fri, 05 Feb 2021 19:12:29 GMT
Server: AmazonS3
Age: 45290
ETag: "250e1fbc1a421882d2953e5f1855da6c"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
Connection: keep-alive
Date: Mon, 18 Apr 2022 04:42:49 GMT
X-Amz-Cf-Pop: FRA6-C1
Accept-Ranges: bytes
Content-Length: 9275
X-Amz-Cf-Id: uzlZAV-ZZ8bTgc6LCQM260j8sJQ-EnzZTAuOBZBJjzCo2KxgKzg7Nw==

GET
H2 200 metro-blocks.css
journalmetro.com/wp-content/plugins/metro-blocks/assets/blocks/ 625 B
480 B 7ms
5ms Stylesheet
text/css 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/wp-content/plugins/metro-blocks/assets/blocks/metro-blocks.css?m=1650287091g

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9011ddae3deb1ab73795c21348c5828cccb5c54c8df96e208be00a6db2555aff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:51 GMT
server: nginx
age: 6646
etag: W/"625d61f3-271"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 331
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 /
journalmetro.com/_static/ 82 KB
11 KB 7ms
6ms Stylesheet
text/css 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/_static/??/wp-content/plugins/events-calendar-pro/src/resources/css/tribe-events-pro-mini-calendar-block.min.css,/wp-includes/css/dist/block-library/style.min.css?m=1650287090

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

518c6914d11db0af6748292e85c75661a0db4c1508c6b1c1e904cf1f1fb047f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:50 GMT
server: nginx
age: 6646
vary: Accept-Encoding
x-cache: hit
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 11337

GET
H2 200 /
journalmetro.com/_static/ 15 KB
3 KB 15ms
14ms Stylesheet
text/css 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpqZWFqamloYmAMARQou8Q==

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Thu, 14 Apr 2022 17:03:27 GMT
server: nginx
age: 6646
vary: Accept-Encoding
x-cache: hit
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 3431

GET
H2 200 /
journalmetro.com/_static/ 377 KB
60 KB 8ms
7ms Stylesheet
text/css 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/_static/??-eJx1jcEOgjAQRH/IsoWI0YPxU0gpGyiw24Zu099XEQ4Gvb6ZeQM5KOtZkAXCnHrHEXJoRmoWwxMuEFI7Ows2fnP14cWLn+CvIxuxQ+f7o2VPNo8ixweXDEgYgVAWz5gjdC7K6iDzo05J7e8jSjB2UqUurutgA+/Ng+7lpdbV7VxX+gn3CF7U

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

77545f18cd0ede257cff7c58498d4bb0a83005a9c77d0c68bfebe64a1237a384

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 15:08:40 GMT
server: nginx
age: 6646
vary: Accept-Encoding
x-cache: hit
content-type: text/css;charset=utf-8
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 60811

GET
H2 200 / Show response
journalmetro.com/_static/ 98 KB
34 KB 15ms
14ms Script
application/javascript 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraGZiaWlqamFgXkWAK/QIi4=

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

75839e3ea0cd949a33dc21dd8b0931f396829fea8e0e3148b576b1228f40e469

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Thu, 14 Apr 2022 17:03:27 GMT
server: nginx
age: 6646
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 34312

GET
H2 200 madops.js Show response
rdc.m32.media/ 56 KB
16 KB 157ms
115ms Script
application/javascript 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/madops.js?ver=5.9.3
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: 48314bca6a877c6ca70c34c4bd60020b3074cc017979239086489a16d1cee26b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
last-modified: Fri, 15 Apr 2022 18:41:15 GMT
server: nginx/1.10.3
etag: W/"6259bc4b-df7f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 17:29:10 GMT

GET
H2 200 cross.svg
journalmetro.com/wp-content/themes/metronews/assets/images/ 839 B
544 B 108ms
108ms Image
image/svg+xml 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/assets/images/cross.svg

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a45446c3fc328ce393d561e708f868b6ea7f39637230a3eed0f875ab010a2cf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:52 GMT
server: nginx
age: 0
etag: W/"625d61f4-347"
vary: X-Mobile-Class
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 443
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 logo-metro.svg
journalmetro.com/wp-content/themes/metronews/assets/images/ 3 KB
1 KB 108ms
108ms Image
image/svg+xml 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/assets/images/logo-metro.svg

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

19760ec5e87fdd96ed03c57bbb684e623784b308012f884f8bda3d7058d672f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:52 GMT
server: nginx
age: 0
etag: W/"625d61f4-a3f"
vary: X-Mobile-Class
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 1073
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 Default-Image.png
journalmetro.com/wp-content/uploads/2022/04/ 3 KB
3 KB 9ms
8ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/Default-Image.png

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0fc945ab1a7298bdf377d557f8eed188ce3003b61a39a35c77f6b718c37cab9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 139 443
last-modified: Tue, 05 Apr 2022 16:56:50 GMT
server: nginx
etag: "acaf462366969dbf"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 2820
expires: Wed, 05 Apr 2023 16:56:50 GMT

GET
H2 200 virus-trojan-ffdroider-deguissement-application-telegram-ordinateur-pc.jpg
journalmetro.com/wp-content/uploads/2022/04/ 22 KB
22 KB 75ms
74ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/virus-trojan-ffdroider-deguissement-application-telegram-ordinateur-pc.jpg?resize=768%2C285

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

10bf65bff01b778a325c94d5cf30cd289a798b50a19830bfda75ef7b7c9388e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 83 443
last-modified: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "560608533887313b"
vary: Accept
x-cache: MISS
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 22908
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 app-store-logo.svg
journalmetro.com/wp-content/themes/metronews/assets/images/ 15 KB
3 KB 109ms
108ms Image
image/svg+xml 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/assets/images/app-store-logo.svg

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e62f3ad2a3c11b1991861932754874d9f192b4fc73e781d19feabfc4fdd98c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:52 GMT
server: nginx
age: 0
etag: W/"625d61f4-3aa2"
vary: X-Mobile-Class
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 3096
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 google-play-logo.svg
journalmetro.com/wp-content/themes/metronews/assets/images/ 27 KB
7 KB 109ms
109ms Image
image/svg+xml 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/assets/images/google-play-logo.svg

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bce499b4657284e931f638588da4f70c3cef3b891c063a820ba2dfe3e4ed0605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:52 GMT
server: nginx
age: 0
etag: W/"625d61f4-6db5"
vary: X-Mobile-Class
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 7185
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 nav.js Show response
journalmetro.com/wp-content/themes/metronews/js/ 31 KB
9 KB 7ms
7ms Script
application/javascript 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/wp-content/themes/metronews/js/nav.js

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5ec8847c40ba5d2d194d72cf8d2a23aeaf1a9ef6af611029fd88d677d4106c77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Tue, 29 Mar 2022 16:11:35 GMT
server: nginx
age: 177650
etag: W/"62432fb7-7a4a"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 9218
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 / Show response
journalmetro.com/_static/ 1 KB
598 B 6ms
6ms Script
application/javascript 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/_static/??/wp-content/mu-plugins/jetpack-10.8/_inc/build/photon/photon.min.js,/wp-content/plugins/tk-favorites/assets/js/public.js?m=1650287091j

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e5a9f374db7c0c93a2d513d12b6f34f8e25e394aa441a483a0b5095e30df94fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 13:04:51 GMT
server: nginx
age: 6646
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 562

GET
H2 200 all.js Show response
api.dmcdn.net/ 29 KB
11 KB 40ms
7ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://api.dmcdn.net/all.js?ver=5.9.3
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 49566600bfa0cd1a7804582e0cb5da0f8abaad1c19cba621fb698d5536f0d4ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 5858
server-timing: total;dur=0, dc;desc="dc3"
content-length: 10850
last-modified: Tue, 23 Nov 2021 08:29:55 GMT
server: DMS/1.0.42
etag: "619ca683-7477"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
x-llid: acdf5ebdc07c5428673c21b606d6dbbc
expires: Tue, 19 Apr 2022 15:36:32 GMT

GET
H2 404 app.min.js
journalmetro.com/wp-content/themes/metronews/assets/js/ 0
0 108ms
107ms Script
text/html 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/wp-content/themes/metronews/assets/js/app.min.js?ver=1.1.2

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
server: nginx
age: 0
vary: Accept-Encoding
x-cache: miss
content-type: text/html
strict-transport-security: max-age=31536000
content-encoding: gzip

GET
H2 200 / Show response
journalmetro.com/_static/ 98 KB
28 KB 7ms
7ms Script
application/javascript 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/_static/??-eJx9zMEOgkAMhOEXEooETDwYn4Wwg+5m25Jugfj2bowHT57n/4aOtYky5y2gUCoUYnHaIUGNDA8IbHK1xjbxyGg5SpvKif6wOq2aX0vM+TefVRzi5E9wRQw3FRxfWz94+sR3vp0vY9dfh7Hv0hsFxzq0

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

db92a0118b94820130bd67f52bfb51b2129d1d0f1beaeed43f6ac65d2b098e08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 15:08:40 GMT
server: nginx
age: 3878
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 28920

GET
H2 200 p.js Show response
cdn.parsely.com/keys/journalmetro.com/ 50 KB
19 KB 44ms
9ms Script
application/javascript 65.9.61.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/journalmetro.com/p.js?ver=2.5.0
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.61.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-61-60.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: ec0eec5408d22e16ae62df56c1a2c12fd40a1ec3f2b9d759e5f5b1747f115595

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: public
date: Mon, 18 Apr 2022 06:54:25 GMT
content-encoding: gzip
last-modified: Mon, 03 May 2021 15:18:33 GMT
server: nginx
age: 37185
etag: W/"60901449-c8b0"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: 8mRt3g3OGnD_sUOgOAXiIAdWaOjQ_YVXDK81L3S0TR9V1VF_8CfCLQ==
expires: Tue, 19 Apr 2022 06:54:25 GMT

GET
H2 200 e-202216.js Show response
stats.wp.com/ 9 KB
3 KB 41ms
12ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202216.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc: HIT ams
date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 10 Apr 2023 04:41:20 GMT

GET
H2 200 script.js Show response
sb.freeskreen.com/publisher/ 74 KB
22 KB 117ms
76ms Script
text/html 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.freeskreen.com/publisher/script.js?bai=178&ut=&uts=&flc=&slc=&windowlocation=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&usp=&gdpr=-1&cs=-1
Requested by: Host: static.freeskreen.com
URL: https://static.freeskreen.com/ba/178/freeskreen.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: bf4bd6c3154aaa63c42d8a93e705c9d2bc648ddf71eda070985da3334c70b2b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
content-type: text/html;charset=UTF-8
content-length: 22002
x-amz-cf-id: 4-6OPOzVqiDxL9BgQ-Urzl4D05S-FlSnrtxDikf6aDRo6uclf3z14A==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 wp-emoji-release.min.js Show response
journalmetro.com/wp-includes/js/ 18 KB
5 KB 9ms
8ms Script
application/javascript 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Thu, 14 Apr 2022 17:03:27 GMT
server: nginx
age: 177650
etag: W/"625853df-4705"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 4926
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 txa6kkw.css
use.typekit.net/ 10 KB
1 KB 78ms
32ms Stylesheet
text/css 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/txa6kkw.css

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/_static/??-eJx1jcEOgjAQRH/IsoWI0YPxU0gpGyiw24Zu099XEQ4Gvb6ZeQM5KOtZkAXCnHrHEXJoRmoWwxMuEFI7Ows2fnP14cWLn+CvIxuxQ+f7o2VPNo8ixweXDEgYgVAWz5gjdC7K6iDzo05J7e8jSjB2UqUurutgA+/Ng+7lpdbV7VxX+gn3CF7U

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

4bee99b4a53e7882d94714c07932776e4b4fdc56e53df4c09cd3b82baae52f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Mon, 18 Apr 2022 17:14:10 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1164

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 64ms
19ms Stylesheet
text/css 2a02:26f0:3500:7::17d8:4dc7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=txa6kkw&ht=tk&f=1885.26034.26053.26055.26060.26062.26063.25996.25998.26000.26004.26006.26019&a=62214393&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dc7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 / Show response
geoloc.m32.media/json/ 211 B
425 B 218ms
115ms XHR
application/json 35.227.201.248
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://geoloc.m32.media/json/

Requested by

Host: rdc.m32.media
URL: https://rdc.m32.media/m32pixel.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.201.248 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

248.201.227.35.bc.googleusercontent.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

f254108533fdca503650281e2c784668e0fdf8c7879464f95b0cbd44401d39b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-database-date: Mon, 18 Apr 2022 02:00:13 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Origin
content-type: application/json
access-control-allow-origin: https://journalmetro.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubdomains;
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

GET
H3 200 custom.json Show response
rdc.m32.media/adops/custom_files/journalmetro.com/ 2 KB
983 B 129ms
119ms XHR
application/json 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/adops/custom_files/journalmetro.com/custom.json
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js?ver=5.9.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: ee0805dc6e11c1587bbefd09c3cc7be9a6776ff87cf6198d72e680fc5870844d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
last-modified: Mon, 18 Apr 2022 10:43:54 GMT
server: nginx/1.10.3
etag: W/"625d40ea-953"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 17:29:10 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 150 KB
56 KB 50ms
25ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PKJL6LH

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d82662ea2490cfe1cddb56202d18db4f8c5da97427d9372b1210ee868ba39b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56469
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 18 Apr 2022 17:14:10 GMT

GET
H2 200 l
use.typekit.net/af/46da36/00000000000000003b9acaf6/27/ 26 KB
26 KB 93ms
47ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/46da36/00000000000000003b9acaf6/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "de29fb2e3e401b15877c6b3a0953702fe7fa1105"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26812

GET
H2 200 t Show response
jadserve.postrelease.com/ 115 B
538 B 663ms
180ms Script
text/javascript 52.8.117.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.8.117.187 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-8-117-187.us-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 122
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 fond-navigation-sidebar.gif
journalmetro.com/wp-content/themes/metronews/dist/assets/images/ 1 KB
1 KB 8ms
6ms Image
image/gif 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/dist/assets/images/fond-navigation-sidebar.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2854593eaa0199ac3ff2651097c0cb427149deb643e250d398b0d74b4dbea041

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/_static/??-eJx1jcEOgjAQRH/IsoWI0YPxU0gpGyiw24Zu099XEQ4Gvb6ZeQM5KOtZkAXCnHrHEXJoRmoWwxMuEFI7Ows2fnP14cWLn+CvIxuxQ+f7o2VPNo8ixweXDEgYgVAWz5gjdC7K6iDzo05J7e8jSjB2UqUurutgA+/Ng+7lpdbV7VxX+gn3CF7U
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Sun, 20 Mar 2022 12:40:37 GMT
server: nginx
age: 2400955
etag: W/"623720c5-4f3"
strict-transport-security: max-age=31536000
x-cache: hit
content-type: image/gif
cache-control: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 985
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 l
use.typekit.net/af/027dd4/00000000000000003b9acafa/27/ 26 KB
26 KB 61ms
44ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/027dd4/00000000000000003b9acafa/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 00f7d628d0c49b1b0d512c3c56d16cc8d0ac222e7437efea750b584083c053dd

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "37da2a6b18214f547dbbc4036f830d9caa1b9787"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26676

GET
H2 200 l
use.typekit.net/af/69b3c5/00000000000000003b9acb0e/27/ 25 KB
25 KB 72ms
56ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/69b3c5/00000000000000003b9acb0e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 36b1e1e2216f868764bddd51fd6b566062777491dfefc1027f0b4540b95038ce

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "dcd1ab979ab586a950ef155f1a511b1ec739aeed"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25632

GET
H2 200 fa-light-300.woff2
journalmetro.com/wp-content/themes/metronews/dist/assets/fonts/fontawesome/ 180 KB
180 KB 145ms
145ms Font
font/woff2 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://journalmetro.com/wp-content/themes/metronews/dist/assets/fonts/fontawesome/fa-light-300.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://journalmetro.com/_static/??-eJx1jcEOgjAQRH/IsoWI0YPxU0gpGyiw24Zu099XEQ4Gvb6ZeQM5KOtZkAXCnHrHEXJoRmoWwxMuEFI7Ows2fnP14cWLn+CvIxuxQ+f7o2VPNo8ixweXDEgYgVAWz5gjdC7K6iDzo05J7e8jSjB2UqUurutgA+/Ng+7lpdbV7VxX+gn3CF7U
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
vary: X-Mobile-Class
age: 0
x-cache: miss
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 15:08:40 GMT
server: nginx
etag: W/"625d7ef8-2cf50"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 / Show response
rumble.com/embedJS/ut3mi.vy3tqk/ 28 KB
11 KB 646ms
311ms Script
application/javascript 169.44.97.2
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/embedJS/ut3mi.vy3tqk/?url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&args=%5B%22play%22%2C%7B%22video%22%3A%22vy3tqk%22%2C%22div%22%3A%22rumble_vy3tqk%22%7D%5D

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.44.97.2 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

2.61.2ca9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

93c9ced59035ad857149f0c810cad571860d5992bded7ed0afb31cfeb02ffc9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: br
vary: Accept-Encoding
server: nginx
link: <https://rumble.com/v10pzqk-virus-pc.html>; rel="canonical"
strict-transport-security: max-age=31536000;includeSubDomains;preload
content-type: application/javascript;charset=utf-8

GET
H2 200 dot.png
journalmetro.com/wp-content/themes/metronews/dist/assets/images/ 247 B
303 B 7ms
6ms Image
image/png 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/dist/assets/images/dot.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8f054d2ca2fb334a22cfd81be44d3da656c455de06c79759c655a285f0c4b685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/_static/??-eJx1jcEOgjAQRH/IsoWI0YPxU0gpGyiw24Zu099XEQ4Gvb6ZeQM5KOtZkAXCnHrHEXJoRmoWwxMuEFI7Ows2fnP14cWLn+CvIxuxQ+f7o2VPNo8ixweXDEgYgVAWz5gjdC7K6iDzo05J7e8jSjB2UqUurutgA+/Ng+7lpdbV7VxX+gn3CF7U
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Sun, 20 Mar 2022 12:40:37 GMT
server: nginx
age: 2400955
etag: "623720c5-f7"
strict-transport-security: max-age=31536000
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 247
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 l
use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/ 26 KB
26 KB 20ms
19ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "7d4a321fb4284bed9856c33aee6c065aba0855a7"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26392

GET
H2 200 l
use.typekit.net/af/4b28f4/00000000000000003b9acb08/27/ 25 KB
26 KB 183ms
182ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4b28f4/00000000000000003b9acb08/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 74e66c6fffa12e9f5637a8c5e46aae8afe022b8ae19370d7bd0a9fb4dc5ed7fa

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "9b2f7f4f97b2a727703206062462973fb459907c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25976

GET
H2 200 l
use.typekit.net/af/ac1071/00000000000000003b9acafe/27/ 26 KB
26 KB 89ms
89ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ac1071/00000000000000003b9acafe/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n8&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: cd26dce56b5ab3c491224289cca48fe509a97e5212fac0eb809e425dac4b3747

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "a2ea86fcdc8d27e208241c07846bcc7d4f232a71"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26688

GET
H2 200 gestionnaire-mots-passe-keeper-securite.jpg
journalmetro.com/wp-content/uploads/2022/04/ 41 KB
41 KB 13ms
12ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/gestionnaire-mots-passe-keeper-securite.jpg?resize=640,360

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c29d9d46c99a9d6f4386118d459ee67210d1b16776b0e56dcfbc251d7e8a01bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 200 443
last-modified: Fri, 15 Apr 2022 08:49:49 GMT
server: nginx
etag: "3344d50356766c05"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 41836
expires: Sat, 15 Apr 2023 08:49:49 GMT

GET
H/1.1 200
OK x89xs1h Show response
www.dailymotion.com/embed/video/ Frame A741 31 KB
11 KB 226ms
73ms Document
text/html 188.65.124.90
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

fp.dc3.dailymotion.com

Software

DMS/1.0.42 /

Resource Hash

754a601471ecfb7f0ec3dba987d0618258159f1a798f3b146bdf2f0f07f46ab1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31708800; includeSubDomains; preload

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Content-Encoding: gzip
Content-Length: 10408
Content-Security-Policy: upgrade-insecure-requests
Content-Security-Policy-Report-Only: default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Apr 2022 17:14:10 GMT
Expect-Ct: max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Link: <https://static1.dmcdn.net>; rel=preconnect
Referrer-Policy: strict-origin-when-cross-origin
Server: DMS/1.0.42
Server-Timing: total;dur=25, dc;desc="dc3"
Strict-Transport-Security: max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin: *
Vary: X-DM-SSL,Accept-Encoding

GET
H2 200 chevron-down-white.svg
journalmetro.com/wp-content/themes/metronews/dist/assets/images/ 286 B
337 B 142ms
142ms Image
image/svg+xml 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/themes/metronews/dist/assets/images/chevron-down-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a51778ecbebd314d776056947127fd68690d4dc9b888e6a83912fb1b28b40003

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/_static/??-eJx1jcEOgjAQRH/IsoWI0YPxU0gpGyiw24Zu099XEQ4Gvb6ZeQM5KOtZkAXCnHrHEXJoRmoWwxMuEFI7Ows2fnP14cWLn+CvIxuxQ+f7o2VPNo8ixweXDEgYgVAWz5gjdC7K6iDzo05J7e8jSjB2UqUurutgA+/Ng+7lpdbV7VxX+gn3CF7U
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 0 4 9980
last-modified: Mon, 18 Apr 2022 15:08:40 GMT
server: nginx
age: 0
etag: "625d7ef8-11e"
vary: X-Mobile-Class
x-cache: miss
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 286
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 l
use.typekit.net/af/829fc1/00000000000000003b9acaf8/27/ 26 KB
26 KB 78ms
77ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/829fc1/00000000000000003b9acaf8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 70b0ba2e905ee3b5306c214e775d7385503f3c10fe8ecf365fbfbccd36f0504b

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "2ef5f07b11daf2dcb1721fcc3c8ffbf6d19927bb"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26648

GET
H2 200 l
use.typekit.net/af/3b3b32/00000000000000003b9acb10/27/ 25 KB
25 KB 68ms
68ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/3b3b32/00000000000000003b9acb10/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n8&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 27c37eaaa6345fcb63b3f342c9ee650622a994e90c45c50277fc2466d1be6f0b

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "d0ce46a03d0e9bc55fc4f4e4ce14d8ed3bbebbf4"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25684

GET
H2 200 l
use.typekit.net/af/b1bf07/00000000000000003b9acb0a/27/ 25 KB
26 KB 99ms
99ms Font
application/font-woff2 2a02:26f0:3500:7::17d8:4dd1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/b1bf07/00000000000000003b9acb0a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/txa6kkw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7305039b6ff2a6f824348a2ccf813763eed339b9878e64116269c21196cbde45

Request headers

Referer: https://use.typekit.net/txa6kkw.css
Origin: https://journalmetro.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "bf5dbbc27b58c5c4380c8122e4da4f7384b9b36b"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25992

GET
H2 200 paris-city-vision-site-tourisme-visiter-ville-lumiere-france.jpg
journalmetro.com/wp-content/uploads/2022/04/ 88 KB
88 KB 11ms
6ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/paris-city-vision-site-tourisme-visiter-ville-lumiere-france.jpg?resize=640,360

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e02159a2b8611457dab49a2c22e349aafac46d996f909795497c1f56e7cf1985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 32 443
last-modified: Fri, 15 Apr 2022 08:49:49 GMT
server: nginx
etag: "61119c80cf78d662"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 90252
expires: Sat, 15 Apr 2023 08:49:49 GMT

GET
H2 200 thumbnai_lampe_chevet_recharge.jpg
journalmetro.com/wp-content/uploads/2022/04/ 33 KB
33 KB 12ms
7ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/thumbnai_lampe_chevet_recharge.jpg?resize=640,360

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

70e7e12ac01b3686f7e55ae850a59f850c846b992235b01275f967708b399f67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 83 443
last-modified: Thu, 14 Apr 2022 05:44:51 GMT
server: nginx
etag: "678ca78c3bb2e927"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 33590
expires: Fri, 14 Apr 2023 05:44:51 GMT

GET
H2 200 alimentation_prix_1200x675.jpg
journalmetro.com/wp-content/uploads/2022/02/ 105 KB
106 KB 11ms
7ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/02/alimentation_prix_1200x675.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7710a0b3f4d6131a3395b49dd602b855b020a3a382349d29917c865607ab4912

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 200 443
last-modified: Mon, 28 Feb 2022 22:03:01 GMT
server: nginx
etag: "963bc6b9ada9cc17"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 108014
expires: Tue, 28 Feb 2023 22:03:01 GMT

GET
H2 200 Dossier-bouffe-tes-economies.jpg
journalmetro.com/wp-content/uploads/2022/02/ 64 KB
64 KB 14ms
10ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/02/Dossier-bouffe-tes-economies.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b50744cba1be886aa444ef5172874120e6214089e69999fbb6271787d63a6e51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 139 443
last-modified: Wed, 13 Apr 2022 18:05:59 GMT
server: nginx
etag: "1f16b4d7a45bc220"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 65608
expires: Thu, 13 Apr 2023 18:05:59 GMT

GET
H2 200 ACT-TLJ-bouffes-tes-economies-nourriture-bio-22-02-670-1.jpg
journalmetro.com/wp-content/uploads/2022/02/ 128 KB
128 KB 14ms
10ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/02/ACT-TLJ-bouffes-tes-economies-nourriture-bio-22-02-670-1.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

078a18d2ed7a3667cab0a5c2a8dd63bfae808ab83199bf22aa0d56d8a1e9eb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 27 443
last-modified: Sat, 26 Feb 2022 10:15:42 GMT
server: nginx
etag: "c2b51927bc780e3e"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 130816
expires: Sun, 26 Feb 2023 10:15:42 GMT

GET
H2 200 Epicerie_paiement.jpg
journalmetro.com/wp-content/uploads/2022/02/ 33 KB
34 KB 14ms
10ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/02/Epicerie_paiement.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5453b13d69534fd0173fb59ce08bb8698bccd357761a0fba3536ee417c8a2b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 144 443
last-modified: Fri, 25 Feb 2022 10:19:20 GMT
server: nginx
etag: "35bbc7a5484702f7"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 34262
expires: Sat, 25 Feb 2023 10:19:20 GMT

GET
H2 200 ACTU-IS-Demolition_pour_57_nouveaux_logements.png
journalmetro.com/wp-content/uploads/2022/03/ 542 KB
543 KB 28ms
25ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/03/ACTU-IS-Demolition_pour_57_nouveaux_logements.png?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

04eb2fd3fb1d42fd294e2f617da3a1dd8447760c814922ad1a9bee57c0a5be97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 28 443
last-modified: Mon, 18 Apr 2022 12:21:45 GMT
server: nginx
etag: "fb8428c9bb01e8be"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 555494
expires: Tue, 18 Apr 2023 12:21:45 GMT

GET
H2 200 Capture-decran-434.png
journalmetro.com/wp-content/uploads/2022/04/ 826 KB
827 KB 28ms
25ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/Capture-decran-434.png?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f73cac9731450b0f15844d1bd3a86db9f9e04a24f5d9b1764afdec4b82085491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 200 443
x-optim-disabled: true
last-modified: Mon, 18 Apr 2022 09:22:09 GMT
server: nginx
etag: "56ce5e78d5af0837"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 846286
expires: Tue, 18 Apr 2023 09:22:09 GMT

GET
H2 200 Print-3.jpg
journalmetro.com/wp-content/uploads/2022/04/ 42 KB
43 KB 28ms
25ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/Print-3.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a02f66a1a2c5211b390d79d18eacd4160647747b1e2386ab0d55d449444aa551

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 140 443
last-modified: Mon, 18 Apr 2022 09:22:10 GMT
server: nginx
etag: "c6c8388094400233"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43486
expires: Tue, 18 Apr 2023 09:22:10 GMT

GET
H2 200 iStock-1318669351.jpg
journalmetro.com/wp-content/uploads/2022/04/ 233 KB
234 KB 28ms
25ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/iStock-1318669351.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2741a285d8be99ca5f4913b048d4eaccf0aa7e3b1df03649ae925cb0918ec7d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 144 443
last-modified: Mon, 18 Apr 2022 09:22:10 GMT
server: nginx
etag: "0a0391afed7903c1"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 238800
expires: Tue, 18 Apr 2023 09:22:10 GMT

GET
H2 200 iStock-1072525708.jpg
journalmetro.com/wp-content/uploads/2022/04/ 121 KB
122 KB 168ms
165ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/iStock-1072525708.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c760ec525cc91d869745de03b6f025d4294989bef5d2dea389f6b27911cbad3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 198 443
last-modified: Mon, 18 Apr 2022 17:14:10 GMT
server: nginx
etag: "552acff86e4b4716"
vary: Accept
x-cache: MISS
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 124342
expires: Tue, 18 Apr 2023 17:14:10 GMT

GET
H2 200 iStock-1138018696.jpg
journalmetro.com/wp-content/uploads/2022/04/ 190 KB
190 KB 28ms
26ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/iStock-1138018696.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f2aae9491020a4e4af1c595bc6634d6710d0f15c0c36ed03b0d568e9b55a0af0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 198 443
last-modified: Mon, 18 Apr 2022 14:53:10 GMT
server: nginx
etag: "448d1ecc44321e29"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 194408
expires: Tue, 18 Apr 2023 14:53:10 GMT

GET
H2 200 Les-collections-de-lentreprise-quebecoise-MAME-font-fureur.jpg
journalmetro.com/wp-content/uploads/2022/04/ 51 KB
51 KB 28ms
26ms Image
image/webp 192.0.66.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://journalmetro.com/wp-content/uploads/2022/04/Les-collections-de-lentreprise-quebecoise-MAME-font-fureur.jpg?w=980

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a1241146ad277023b86a0fab414950b900a1db4c4da15a7ffd385b3aced05f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
x-rq: hhn2 109 27 443
last-modified: Mon, 18 Apr 2022 11:31:08 GMT
server: nginx
etag: "a45ca51b1f2a1c84"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 52140
expires: Tue, 18 Apr 2023 11:31:08 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 546ms
96ms Image
image/gif 34.194.161.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1650302050754&plid=19328566&idsite=journalmetro.com&url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&sref=&sts=1650302050751&slts=0&title=Ce+virus+se+d%C3%A9guise+en+une+application+populaire+pour+voler+les+acc%C3%A8s+des+comptes+Facebook+et+plus+encore&date=Mon+Apr+18+2022+17%3A14%3A10+GMT%2B0000+(GMT)&action=pageview&pvid=84562249&u=pid%3D543764ca1d38c246dc747042be443d8e
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.194.161.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-194-161-83.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 17:14:11 GMT
Cache-Control: no-cache
Last-Modified: Monday, 18-Apr-2022 17:14:11 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 99ms
41ms Script
application/javascript 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js?ver=5.9.3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 6RTeJ.t3xDSJXjTxhAMtPfr9IcIsozAE
content-encoding: gzip
etag: 4abd427e43cd6822329a2c05539e321f
age: 870
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 03AK814JSB58XH99V8A7
date: Mon, 18 Apr 2022 16:59:42 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7pDnYfDk8WXcqwoyrrNWy9bKyQ3Kba-NiIi4kJ_TN0Fwo9RsBGYbtg==

GET
H3 200 prebid.1.js Show response
rdc.m32.media/ 357 KB
105 KB 186ms
157ms Script
application/javascript 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/prebid.1.js
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js?ver=5.9.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: a7381728062093b40cb0be9759591640e54dc894bf203f90280b234044f37e74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
last-modified: Fri, 15 Apr 2022 18:40:52 GMT
server: nginx/1.10.3
etag: W/"6259bc34-592a2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 17:29:10 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 130ms
67ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js?ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

8a5fd6f02721d00363758b74caac13b46e66d15f66528cc3ba4a02f3218add1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28592
x-xss-protection: 0
server: sffe
etag: "1190 / 816 of 1000 / last-modified: 1650280322"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 18 Apr 2022 17:14:10 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 111ms
41ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PKJL6LH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5960
date: Mon, 18 Apr 2022 15:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 18 Apr 2022 17:34:50 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 134ms
65ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PKJL6LH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14892
x-xss-protection: 0
server: cafe
etag: 4605403730725282575
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 17:14:10 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=18870188&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D18870188%26t%3D1

0
1017 B

95ms
93ms

Script
application/javascript

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D18870188%26t%3D1

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

HTTP/1.1

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 17:14:10 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: cd40a22b-c217-4848-802e-9c64dfd39cd5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 17:14:10 GMT
X-Proxy-Origin: 217.64.151.31; 217.64.151.31; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 15d93592-2b1c-4cc8-ba92-f8a5a2aec19c
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D18870188%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 userSync.js Show response
ads.pubmatic.com/AdServer/js/ 7 KB
3 KB 540ms
29ms Script
text/javascript 184.87.212.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.87.212.214 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-212-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:14 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300709-1af3-5c4c7cca9e573"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=38811
accept-ranges: bytes
content-type: text/javascript
content-length: 2267
expires: Tue, 19 Apr 2022 04:01:02 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 150ms
46ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: v2jrBK999smL26avAhOUMREhvgaMQgmfbtUyCUuxXSmyCSoRreHIW3s0i7PADo7DanBAAH7xzvp6DkIPKCJOgg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 18 Apr 2022 17:14:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 13 KB
5 KB 539ms
104ms Script
text/javascript 54.162.166.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.162.166.147 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-162-166-147.compute-1.amazonaws.com
Software: /
Resource Hash: f5367613366df6ae329a173e723ded717312d713df9dea19bc4fd5a9de1561c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 18 Apr 2022 17:14:11 GMT
Content-Encoding: gzip
Cache-Control: max-age=30
Content-Length: 4430
Connection: keep-alive
Content-Type: text/javascript

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 52ms
50ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=157296718&post=2808007&tz=-4&srv=journalmetro.com&hp=vip&host=journalmetro.com&ref=&fcp=1154&rand=0.15212172098855548
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 18 Apr 2022 17:14:10 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK ac Show response
ww1772.smartadserver.com/ 16 B
320 B 340ms
32ms Script
application/javascript 185.86.137.17
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=907583395&out=js
Requested by: Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?bai=178&ut=&uts=&flc=&slc=&windowlocation=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&usp=&gdpr=-1&cs=-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.17 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: efded6408c7e64cd48c00b10bdd63b79539c5bb13a396b9f3773f71fe2d5a606

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 53AC
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west

281 B
554 B

154ms
20ms

Document
text/html

104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Requested by: Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?bai=178&ut=&uts=&flc=&slc=&windowlocation=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&usp=&gdpr=-1&cs=-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2022 17:14:11 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 18 Apr 2022 17:14:10 GMT
location: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
server: AkamaiGHost

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D
https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1

0
75 B

21ms
21ms

Image
text/plain

185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-length: 0

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1
pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2

200

verify
scm.publishers.tremorhub.com/pubsync/
Redirect Chain

https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D

43 B
182 B

94ms
94ms

Image
image/gif

2600:1f18:612b:4200:ada2:2974:cd33:9395
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Server: 2600:1f18:612b:4200:ada2:2974:cd33:9395 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

location: pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
date: Mon, 18 Apr 2022 17:14:11 GMT
server: Apache-Coyote/1.1
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H2

200

um
sb.freeskreen.com/
Redirect Chain

https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID}
https://sb.freeskreen.com/um?ac={$UID}

43 B
580 B

35ms
35ms

Image
image/gif

108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/um?ac={$UID}
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: 8HoJUQFroI1EYluyu9Fo_jqL-2pDtUR4MjKup_RbsyiykShnpMl6Ag==
expires: -1

Redirect headers

Location: https://sb.freeskreen.com/um?ac={$UID}
Date: Mon, 18 Apr 2022 17:14:11 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

GET
H2 204 /
loadeu.exelator.com/load/ 0
324 B 970ms
812ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=204&g=1300&j=0
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame E971 90 KB
91 KB 48ms
9ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 14:56:48 GMT
x-content-type-options: nosniff
age: 353843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Apr 2023 14:56:48 GMT

GET
H/1.1 200
OK fsk.css
static.freeskreen.com/css/20210107205009/default/ Frame E971 50 KB
29 KB 43ms
42ms Stylesheet
text/css 99.86.7.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/css/20210107205009/default/fsk.css
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-67.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 5DtU9pV9aPv90d5PMlXs6Og9O1cWT0Fu
Content-Encoding: gzip
ETag: "ba07184144408ada0c1691c69221a457"
Age: 49679
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28958
Last-Modified: Thu, 07 Jan 2021 20:54:53 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052891/ctime:1610052892/gid:497/gname:jenkins/md5:ba07184144408ada0c1691c69221a457/mode:33188/mtime:1610052892/uid:498/uname:jenkins
Date: Mon, 18 Apr 2022 03:26:11 GMT
Content-Type: text/css
Via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: 3Dn4tIGSJkk2I3mYfNmhYTZg3y47XPXzmGQngerZi8Z5jBFZqNHjng==

GET
H2 200 dmp.jq_flight.3033f0d7176196134921.js Show response
static1.dmcdn.net/playerv5/ Frame A741 41 KB
15 KB 164ms
107ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.jq_flight.3033f0d7176196134921.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 539
server-timing: total;dur=0, dc;desc="dc3"
content-length: 14940
last-modified: Fri, 15 Apr 2022 08:30:35 GMT
server: DMS/1.0.42
etag: "62592d2b-a5dc"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 8b47f18f05094fba425437dc94a364a4
expires: Wed, 18 May 2022 17:05:11 GMT

GET
H2 200 dmp.manifest.b57e7c390ab5520c6d59.js Show response
static1.dmcdn.net/playerv5/ Frame A741 4 KB
2 KB 221ms
165ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.manifest.b57e7c390ab5520c6d59.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 3e9764e9888defe2684000706198d1bd1503714d5511a95a24894c34f93a26a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 4485
server-timing: total;dur=0, dc;desc="dc3"
content-length: 1995
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-102c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: a0acb2b64ce98f0af94ce21ee767fc62
expires: Wed, 18 May 2022 15:59:25 GMT

GET
H2 200 dmp.vendor.db7831ef505449d77ad2.js Show response
static1.dmcdn.net/playerv5/ Frame A741 334 KB
101 KB 108ms
52ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.vendor.db7831ef505449d77ad2.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: b659f8a85ec763d4cc2a28a2e371f4a05dd54c3cbf860920baf37a2c4685f745

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 116
server-timing: total;dur=1, dc;desc="dc3"
content-length: 103349
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-538a4"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 2dd4f3736342a757c5b067d1c660a693
expires: Wed, 18 May 2022 17:12:14 GMT

GET
H2 200 dmp.main.b125b3d8b9e78016c376.js Show response
static1.dmcdn.net/playerv5/ Frame A741 203 KB
47 KB 281ms
226ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.main.b125b3d8b9e78016c376.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: a76f6c69d18926f3405187ab8e38ddd3d852b09e1c9ddf2eba2b1f0c00e9b73c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 610
server-timing: total;dur=0, dc;desc="dc3"
content-length: 47797
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-32c19"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 6f53293ac552d2db166c0cc6774c9adb
expires: Wed, 18 May 2022 17:04:00 GMT

GET
H2 200 dmp.svg_critical.2202bba64ea46ecc7424.js Show response
static1.dmcdn.net/playerv5/ Frame A741 11 KB
3 KB 105ms
50ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.svg_critical.2202bba64ea46ecc7424.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 2332
server-timing: total;dur=0, dc;desc="dc3"
content-length: 2586
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-2da4"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 6e8aba04007007f475da22453a26e90f
expires: Wed, 18 May 2022 16:35:18 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 150ms
58ms XHR
application/javascript 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-173.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 43774
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
date: Mon, 18 Apr 2022 05:04:37 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 fdd677a35b242f0199586a71e2f6859e.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: q3ZmOt-KSS7IWCDqStovrxAje_Vr-JcIlTOjr-V71Al0XD2-l82bng==

OPTIONS
H/1.1 200
OK /
pebed.dm-event.net/ Frame 0
0 259ms
64ms Preflight 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Access-Control-Request-Method: POST
Origin: https://www.dailymotion.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 604800
Content-Length: 0
Date: Mon, 18 Apr 2022 17:14:11 GMT
Server: edward-ed/2.2.1

GET
H2 200 dmp.locale-en-US.4409b26aeb08f8a7d136.json Show response
static1.dmcdn.net/playerv5/ Frame A741 4 KB
1 KB 244ms
51ms XHR
application/json 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.locale-en-US.4409b26aeb08f8a7d136.json
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: bcaeaaa9dc8573ad31e3b6b811ada024e58354b912fa7210a73bb12224d3de9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
age: 1764
server-timing: total;dur=0, dc;desc="dc3"
content-length: 1048
last-modified: Fri, 15 Apr 2022 08:30:36 GMT
server: DMS/1.0.42
etag: "62592d2c-f07"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 215319dcf8ebfe9b90b5226247f46f6f
expires: Wed, 18 May 2022 16:44:47 GMT

POST
H/1.1 200
OK / Show response
pebed.dm-event.net/ Frame A741 15 B
363 B 48ms
47ms XHR
application/json 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration: 0
Referer: https://www.dailymotion.com/
accept-language: de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Mon, 18 Apr 2022 17:14:11 GMT
Server: edward-ed/2.2.1
Access-Control-Max-Age: 604800
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length: 15

GET
H/1.1 200
OK x89xs1h Show response
www.dailymotion.com/player/metadata/video/ Frame A741 14 KB
10 KB 227ms
226ms XHR
application/json 188.65.124.90
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dailymotion.com/player/metadata/video/x89xs1h?embedder=https%3A%2F%2Fjournalmetro.com%2F&referer=&dmTs=257716&is_native_app=0&dmV1st=3604C56942CBCBDCF06B40923EACD54A

Requested by

Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

fp.dc3.dailymotion.com

Software

DMS/1.0.42 /

Resource Hash

b2950d9549e61f87ae17b4b53142a0aefe16aec35286a2919e7af1507df28554

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31708800; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Security-Policy: upgrade-insecure-requests
Content-Encoding: gzip
Referrer-Policy: strict-origin-when-cross-origin
Server: DMS/1.0.42
Date: Mon, 18 Apr 2022 17:14:10 GMT
Expect-Ct: max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only: default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
Server-Timing: total;dur=156, dc;desc="dc3"
Strict-Transport-Security: max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin: *
Vary: X-DM-SSL,Accept-Encoding
Content-Length: 9245

GET
H2 200 dmp.theme_neon.705f34519dda9e95246a.js Show response
static1.dmcdn.net/playerv5/ Frame A741 556 KB
152 KB 97ms
50ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.705f34519dda9e95246a.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 0106fbb66851b93fe594733be1ce4bcaebc88e531df5e4430813f3f0e565be44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 18
server-timing: total;dur=1, dc;desc="dc3"
content-length: 155688
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-8afd7"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: b695afa2edb85195205bd768f1e2571f
expires: Wed, 18 May 2022 17:13:52 GMT

GET
H2 200 dmp.vendors~theme_neon.d755456c0822a3d30c91.js Show response
static1.dmcdn.net/playerv5/ Frame A741 62 KB
17 KB 155ms
108ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.d755456c0822a3d30c91.js
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 9f832a039796e62a587b85bc69fdd8842a69c5c83c0b1caca0fbb55d19b6e777

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:10 GMT
content-encoding: gzip
age: 634
server-timing: total;dur=0, dc;desc="dc3"
content-length: 16954
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-f72c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 82add260a6bf4f2bfa4378a13b25d8cb
expires: Wed, 18 May 2022 17:03:36 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame A741 376 KB
126 KB 259ms
68ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2767df6736abef725fe8b1e39307f402dc27a7c8341f9354a8c1b883dcc563dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128424
x-xss-protection: 0
expires: Mon, 18 Apr 2022 17:14:11 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 119ms
61ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1279738023&t=pageview&_s=1&dl=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&ul=en-us&de=UTF-8&dt=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1026374815&gjid=267292925&cid=623847660.1650302051&tid=UA-132922227-1&_gid=984464754.1650302051&_r=1&gtm=2wg4d0PKJL6LH&cd1=Francois%20Charron&cd2=Techno&cd3=&z=328153088

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://journalmetro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/319190234/ 3 KB
2 KB 59ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/319190234/?random=1650302050925&cv=9&fst=1650302050925&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg4d0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&tiba=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7afc4428a301112cadc78578f7c3f39c7fc68847dd15fccd390dd1aedb0d85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1148
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 681978815959930 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 258ms
204ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/681978815959930?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

40c8a0bb734205d3c9a8f4b9ae5443cac27a825240b98128175664b3ced8eaa8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: w5hElIGOlcKcq0y3Gz0et/5tJzP/5nvw59ORz6NPqbBu9aEeo3A5GBwVwH0Xvxi79iD+d7RBRkjS2c7UjeHjXQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 18 Apr 2022 17:14:11 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 pubads_impl_2022041301.js Show response
securepubads.g.doubleclick.net/gpt/ 362 KB
123 KB 116ms
57ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

638d2f5ba5cf501a58131a42efe30aa2c2154904b0654a517cce4baeef308022

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 14:41:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9167
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125956
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 08:34:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 18 Apr 2023 14:41:24 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 155 B
138 B 132ms
70ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=journalmetro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9a6aeb402dfac612f6a62c7efd3f2320955aefa405fa0b3dff084ec38d457a48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
expires: Mon, 18 Apr 2022 17:14:11 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 182ms
33ms XHR
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-132922227-1&cid=623847660.1650302051&jid=1026374815&gjid=267292925&_gid=984464754.1650302051&_u=YEBAAEAAAAAAAC~&z=1455012552

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://journalmetro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 18 Apr 2022 17:14:11 GMT
content-type: text/plain
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 79ms
43ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-132922227-1&cid=623847660.1650302051&jid=1026374815&_u=YEBAAEAAAAAAAC~&z=297289874

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 72ms
45ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-132922227-1&cid=623847660.1650302051&jid=1026374815&_u=YEBAAEAAAAAAAC~&z=297289874

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 53AC 32 KB
10 KB 14ms
13ms Script
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: d4d11466f8a21a8c3c96dfaf304aa45107dd8d95687a8da3cb23f49c3d138fb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 17:14:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=50892
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9541
Expires: Tue, 19 Apr 2022 07:22:23 GMT

GET
H2 200 vendor-list.json Show response
vendorlist.dmcdn.net/v2/ Frame A741 314 KB
40 KB 10ms
9ms XHR
application/json 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.dmcdn.net/v2/vendor-list.json
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.d755456c0822a3d30c91.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: AmazonS3 /
Resource Hash: f6d6fd9ee20791527032536e7f88692828aeb251ba1a4ef9676a64cd22500087

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: MkQmVEn4qvGuo76Z2QqwFoFhLnJA.LEV
via: 1.1 01e7df96c01c9ecdb1cce1b6595ae260.cloudfront.net (CloudFront)
age: 349439
content-encoding: gzip
content-length: 40538
last-modified: Thu, 14 Apr 2022 16:05:28 GMT
server: AmazonS3
date: Mon, 18 Apr 2022 17:14:11 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=604800
x-ip-address: 178.79.244.53
x-amz-cf-pop: CDG53-C1
x-amz-cf-id: 6SaXsBIsQAfah61jg452lGdkHrHQrjs55KRURFeq-6klwG94nnQ_Iw==
x-llid: 83c2d12335776a6ef90d5ac6ae37eb59
expires: Thu, 21 Apr 2022 16:10:12 GMT

GET
H2 200 Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
static1.dmcdn.net/playerv5/fonts/ Frame A741 36 KB
37 KB 12ms
11ms Font
application/octet-stream 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/fonts/Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3

Request headers

Referer: https://www.dailymotion.com/
Origin: https://www.dailymotion.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
age: 498
etag: "62592d1a-9118"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=2592000
server-timing: total;dur=0, dc;desc="dc3"
accept-ranges: bytes
timing-allow-origin: *
content-length: 37144
x-llid: 528bcac8a553e21aa809301b5610e8aa
expires: Wed, 18 May 2022 17:05:53 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame A741 4 KB
3 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.705f34519dda9e95246a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 17:14:11 GMT

GET
H/1.1 200
OK latencies.js Show response
speedtest.dailymotion.com/ Frame A741 7 KB
2 KB 82ms
18ms Script
application/javascript 188.65.124.91
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://speedtest.dailymotion.com/latencies.js
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.705f34519dda9e95246a.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.91 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: st.dc3.dailymotion.com
Software: /
Resource Hash: 72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 17:14:11 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Sep 2020 07:44:45 GMT
Content-Type: application/javascript
Cache-Control: max-age=21600, public
Accept-Ranges: bytes
Content-Length: 2041
Expires: Mon, 18 Apr 2022 23:14:11 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 665F 376 KB
125 KB 41ms
25ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.705f34519dda9e95246a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2767df6736abef725fe8b1e39307f402dc27a7c8341f9354a8c1b883dcc563dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128424
x-xss-protection: 0
expires: Mon, 18 Apr 2022 17:14:11 GMT

GET
H2 404 85aTP1YM4GGKJtO8x
s2.dmcdn.net/w/ Frame A741 0
0 130ms
27ms Image
text/html 92.123.225.34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s2.dmcdn.net/w/85aTP1YM4GGKJtO8x
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.34 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-34.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 dmp.controls_seek.28ddd7d869bbcadb8e38.js Show response
static1.dmcdn.net/playerv5/ Frame A741 71 KB
18 KB 30ms
30ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.controls_seek.28ddd7d869bbcadb8e38.js
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.b57e7c390ab5520c6d59.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 2121f1f092f074767f55c00e5cb24adf3631e9a79fd6c72f80496cc4806d064c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
age: 2232
server-timing: total;dur=0, dc;desc="dc3"
content-length: 18389
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-11b02"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: ad0eb70561306ccf339492417c814cb5
expires: Wed, 18 May 2022 16:36:59 GMT

GET
H2 200 dmp.interaction.13a492ae9e08b3755d8d.js Show response
static1.dmcdn.net/playerv5/ Frame A741 15 KB
5 KB 37ms
36ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.interaction.13a492ae9e08b3755d8d.js
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.b57e7c390ab5520c6d59.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: ddc120e35ca4da9fd80454386db62d0282787157f9b7283e5ffc21f30f5dff80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
age: 2036
server-timing: total;dur=0, dc;desc="dc3"
content-length: 4663
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-3c4b"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 529a1575b93374bf119d68384684ebf7
expires: Wed, 18 May 2022 16:40:15 GMT

GET
H3 200 2890491554339416 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 153ms
153ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2890491554339416?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4ebe94afc2bfe14af3f9429a6a5477c4348901773d4bc0bb9aac2a8f2d4419a5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: yA3g6pWr12005h+xa6lQsWNoxXyo8o8qqAttLqTCQJKFZGVTodYodKWmWghNnoosriik64v7t07+2wXyYredAA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 18 Apr 2022 17:14:11 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
410 B 28ms
11ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=681978815959930&ev=PageView&dl=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&rl=&if=false&ts=1650302051464&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1650302051462.880306955&it=1650302050951&coo=false&exp=p0&rqm=GET

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 18 Apr 2022 17:14:11 GMT

POST
H/1.1 200
OK / Show response
pebed.dm-event.net/ Frame A741 15 B
363 B 21ms
21ms XHR
application/json 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.db7831ef505449d77ad2.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept: application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration: 0
Referer: https://www.dailymotion.com/
accept-language: de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Mon, 18 Apr 2022 17:14:11 GMT
Server: edward-ed/2.2.1
Access-Control-Max-Age: 604800
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length: 15

OPTIONS
H/1.1 200
OK /
pebed.dm-event.net/ Frame 0
0 20ms
19ms Preflight 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Access-Control-Request-Method: POST
Origin: https://www.dailymotion.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 604800
Content-Length: 0
Date: Mon, 18 Apr 2022 17:14:11 GMT
Server: edward-ed/2.2.1

GET
H2 200 ui.r2.js Show response
rumble.com/j/p/ 69 KB
25 KB 134ms
133ms Script
application/javascript 169.44.97.2
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/j/p/ui.r2.js?_v=308

Requested by

Host: rumble.com
URL: https://rumble.com/embedJS/ut3mi.vy3tqk/?url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&args=%5B%22play%22%2C%7B%22video%22%3A%22vy3tqk%22%2C%22div%22%3A%22rumble_vy3tqk%22%7D%5D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.44.97.2 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

2.61.2ca9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

eb0b44522322e3379c9c3519c63813eab096880b9860a50a17712c5f085580e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: br
last-modified: Thu, 30 Dec 2021 22:19:57 GMT
server: nginx
etag: W/"61ce308d-11246"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=31536000,immutable,stale-if-error=31536000,stale-while-revalidate=31536000
strict-transport-security: max-age=31536000;includeSubDomains;preload

GET
H2 200 SusRd.OvCc.1-small-virus-pc.jpg
sp.rmbl.ws/s8/1/S/u/s/R/ 51 KB
51 KB 251ms
200ms Image
image/jpeg 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sp.rmbl.ws/s8/1/S/u/s/R/SusRd.OvCc.1-small-virus-pc.jpg
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 33243e2dc91924de3cdddc069aa4bf1071df38251cff4e8ff65e0e9c05f85c7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
last-modified: Wed, 13 Apr 2022 15:57:10 GMT
server: nginx
etag: "ae3f428c864b6e3e26b3f6d60e15828c"
x-hw: 1650302051.cds080.lo4.hn,1650302051.cds250.lo4.e
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 52275

GET
H/1.1 200
OK player-hb.js Show response
static.freeskreen.com/scm/player/20211014b/ Frame E971 265 KB
68 KB 13ms
13ms Script
text/javascript 99.86.7.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/scm/player/20211014b/player-hb.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-67.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4af5765b7587881ef567c23d0aa9fcdbeff09e3354473ed56eca490f4df5ca30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 1a20JKKbfSum1GD_kgL27p_j3szFYaZQ
Content-Encoding: gzip
ETag: "409ad7e8925e1ea5584c81bef309f239"
Age: 20398
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 69058
Last-Modified: Thu, 14 Oct 2021 20:54:36 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1634244865/ctime:1634244872/gid:20/gname:staff/md5:409ad7e8925e1ea5584c81bef309f239/mode:33188/mtime:1634244865/uid:501/uname:mickael
Date: Mon, 18 Apr 2022 11:34:42 GMT
Content-Type: text/javascript
Via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: gPYs2sv0O2ppoxlZkQ5syK7eC-dVdY6PCC7OmTygslsvFDdN05Cssw==

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 53AC 284 B
536 B 47ms
12ms Image
image/jpg 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/jpg

GET
H2 206 SusRd.gaa.mp4
sp.rmbl.ws/s8/2/S/u/s/R/ 554 KB
0 497ms
462ms Media
video/mp4 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://sp.rmbl.ws/s8/2/S/u/s/R/SusRd.gaa.mp4?u=t3mi&b=0
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://journalmetro.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
last-modified: Tue, 12 Apr 2022 16:45:11 GMT
server: nginx
access-control-allow-origin: *
etag: "93bab92bb9871ee228bea1e5bce0ae4a"
x-hw: 1650302051.cds080.lo4.hn,1650302051.cds225.lo4.e
content-type: video/mp4
Content-Range: bytes 0-53813570/53813571
cache-control: max-age=86400
accept-ranges: bytes
Content-Length: 53813571

GET
H3 200 /
www.google.com/pagead/1p-user-list/319190234/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/319190234/?random=1650302050925&cv=9&fst=1650301200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg4d0&sendb=1&frm=0&url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&tiba=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&async=1&fmt=3&is_vtc=1&random=2775729682&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/319190234/ 42 B
64 B 37ms
19ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/319190234/?random=1650302050925&cv=9&fst=1650301200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg4d0&sendb=1&frm=0&url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&tiba=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&async=1&fmt=3&is_vtc=1&random=2775729682&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 100ms
100ms Stylesheet
text/css 54.162.166.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.162.166.147 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-162-166-147.compute-1.amazonaws.com
Software: /
Resource Hash: 4b1f9a40e0f37b81af389727d57b49ab571b49f7d79850252a6d103b80475c33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 18 Apr 2022 17:14:11 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 381ms
96ms Fetch
image/jpeg 54.162.166.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.162.166.147 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-162-166-147.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 18 Apr 2022 17:14:11 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/100/ Frame A741 52 KB
15 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/100/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30b6e85cb864024d05a4778952ea29bc0612dc2f73e68354ae9ac3375eab7132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 11:47:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19628
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15463
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 16:04:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 19 Apr 2022 11:47:03 GMT

GET
H3 200 bridge3.510.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame F5D9 631 KB
205 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.dailymotion.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 321926
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 209821
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Apr 2022 23:48:45 GMT
expires: Fri, 14 Apr 2023 23:48:45 GMT
last-modified: Thu, 14 Apr 2022 23:44:31 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 665F 44 KB
17 KB 46ms
15ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Apr 2022 17:14:11 GMT

GET
H2 200 dmp.dynamic_quality_switcher.7197594aaa1298387d8d.js Show response
static1.dmcdn.net/playerv5/ Frame A741 22 KB
7 KB 10ms
9ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.dynamic_quality_switcher.7197594aaa1298387d8d.js
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.b57e7c390ab5520c6d59.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: 0706446ba6d3f592986a55aed2e5d3015d5c182520a9d055c18d8b862ed8802c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
age: 239
server-timing: total;dur=0, dc;desc="dc3"
content-length: 7190
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-57a7"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 97ed1025d4189d6a55e4e0c23383cbb1
expires: Wed, 18 May 2022 17:10:12 GMT

GET
H2 200 dmp.vendors~hlsjs_stable.607603975ee410c63a10.js Show response
static1.dmcdn.net/playerv5/ Frame A741 189 KB
54 KB 11ms
10ms Script
application/x-javascript 178.79.242.16
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.b57e7c390ab5520c6d59.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-16.fra.llnw.net
Software: DMS/1.0.42 /
Resource Hash: ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
age: 2583
server-timing: total;dur=0, dc;desc="dc3"
content-length: 54717
last-modified: Fri, 15 Apr 2022 08:30:18 GMT
server: DMS/1.0.42
etag: "62592d1a-2f204"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-llid: 6a6768d7920f61362f08b0adbfa95639
expires: Wed, 18 May 2022 16:31:08 GMT

GET
H2 204 x89xs1h.m3u8 Show response
dmxleo.dailymotion.com/cdn/manifest/video/ Frame A741 0
276 B 90ms
22ms Script
text/plain 188.65.124.38
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL

https://dmxleo.dailymotion.com/cdn/manifest/video/x89xs1h.m3u8?auth=1650474850-2688-yjnizqeq-b4b91ceb6867fb987ccdf6086d6c5032NOyTLpACPpoTzxc1x7ZiVuSbMbHsSOeDs2qVsAFX3O5w2yTXcq9RCV-Yz4pKPaKNAqtHoZIscvo-yrI1U_RD98TKz7UYuruPzM0_SHawqBMxoL4w865oC9OZ0HlG38wbALJ9_NoMgF2uqcjGRjGvRbE6jb62yg8gJxR8PL5iJr_WjgcAwJYg--WORxs4r9Gg58uaP2xOP1tjOo5bQvAjoqOQWD12bO0k9tcq-SoLsmrG6BDP9L5K2N6oVnO81K5ANLVUCAkIpABB6iaoyi98ywu2T-gc5-H8tZH5-rQiCP2pCVSNMj9fctyDwbk6QnWhtFtHx9fHw7ESaG3aGSh3lLIO0svdu9JMLYTF0x06p-akGuC8fzWlANLZZaN2oP0iPmqiy74yohZlMJ87909PnI53V_cKxYp2or5wUfB1ZRGUMeL47fTmBgnzOodtwnxX_edkw_rpD75Fg-CMTyRRrpfB_E8Um-ncwuHopRIQQc5HXfS76tzKizSUXDd94e4YUZIr4B0AjKgcScnXbsGvpxQJEVqSNqaI6f45Qcv1b0PJqio983X_y9-ZtTYlV1-gobfr399u8eLbcn1dceXHs9NQtvlkliQrXO-h7ljrK9AZ6Bt5MSaTEgIeN1Zmd-qQavvi3VDU4WREEinRABZw6muyP_SjLsAv3ao25ylD1w4Jg6IfmGPAA4SGJZPXzidAM51x8xt3MplyOrfPRk1ehj_OS88MPoEVfu59pogFcDFMrc9JjI41zimdI5hUbJNCcw5qpEMW2nOoP__QMBFvJ8qDfkrBNnUPKOEwLJUrtc6ufY4DbGpmHsvVPSjOKTIthlri84oE_pilKmAa3AePktklj8ym2qtA1HpVcrRwALIhsjeGBdc6GKROSxtjSqmI0_bXLQIJdwxvar6fcfdlGSEinqZFBNCIKl-9DWsFZD2lzLaY70KhSmwqShrVEcbDQmKNyo_Eupa3nXwbqKnaDgCD-SAquf36tnL5GTLvowYswKIonBhIs-hgn8f5_r7ereGEVf1sMqe6DcSnTsSdd6lJrgMVBTNgPSasXzBqTFDnts3VO-guAQ-UzrQ17il-pYLqtolA1ieNHUIslQrnEdGIokVivdc1Mt71wHiZLQD9s-Z80ctILCR-Kp2BDT6xr5BsRGf5XefhdW4ovJax6U25nUbPF263F6FyhdDfNO3bOSZcdQ71ApcdkEodMuHag4sntaEZuHaYzc1MgZj10JG3ukwI4w_ROdR5AE-P_emZ2egMXifYBffkXEZX8XZkVWJlYVknDvckIsB2bzscfIu_APs8psu5J2ULEjm_VTl68De1hjy3u-KiZTTen3A7bOGyD716xwHPLZDsP1OPgozIJ6l54ARs-IVBfyRfczYtXV0M0HwuBzYKAaclMLeYGW7L0Ucz_Ujy3LPhGKN_5IWdJCRbMtYsmtnd9RftEPl3hr_41NTusL5HM_5Ej9FoH-S1hs4XVzB9tS0oghZzZ90Y7nVDx83-ARXrQ0dZP4T3CdzlD7Euip3X0lb3mnYiG1183aRaZvnAstNlu_Qhw8KTOn_tIGTpPmzZslgzvB7eEPDqXB1ZE5GOjHqrxTX59tNdwHUDYc0MKWPK3VUeuV8Rc_KyKWgXg3KYM_fhkUoln8gpo1W-U47Q78Yg6-e1aT_rnoF7MW_VyCvb4-XMwcY3WJenvlcZRWy8TBcoaux1xzwSQnTJMWWGJIqMB_QJGQ5SfezMm1A5BEQNSuC23cy5CtW82LXF_Xv3mlENVwf3kyKUI_N0v5TahlhD2vu0hl2fNOzfHQGDwDNf6-Yrj12lUffq0yZxQnG8wtLswFpiKZEq1qDv46Y8RedYJrInllg6hj8MpRepKRuhaS_H1mI0o-P8SU3CBnfSwwRO8SsxkTrvasG9ltDccygCIvSmaUh7P7_YriBsf2hCGFDaIj90O5qjSwqVWuv7VsVxaaIXgfM7ZHsphg77kkqsmF5h1-jVY8WKOKvhxL72sl3LF825Ds_fBTMGKDd7cMjoxME3HJ-x854vl-cMwQA4ZpxMd3VqMOekOSzBx2spa2_VJ93JFERWCMnsNxTfWDf6Gg4eFgxcVZnxXU4hWjUUHXsxAyJlTScSGrStiac0ZPhzQp0UXnNV2A-d6GnCpH2qzPd_UAUHoBty30_OwexntSeAFTx5RrvkeULNuUUsAfZunPuGZQYS8van6ZHHfOno9znM-tgBRfaDkFjBWZZgRl3qCBprGFTiys_RiVjfGkpOqu62RC3ZnQlDm3rX82-JZQxJqrVp-T_aEj2iPCmYn2GTshmNQQbkVtfl6RJkHHiCcZFzSRJnVO9tRPfXCxXPQu0S1f__0Ry8zdnr2WF-qci9w6XQobQ3_3MMptR8x-ikvVu5b5UtD3oOk0Ozp_7nsYrkNtAf7ETGTrlridyALhbj-RQMbHvQdu1sWq-Cxt_I9fOmyDOw7Hkn_fBvrT3QUMTB7K3__c5WHot-8EwHJX-Ow4Xslcowt8sN280uU10gZucYrzjl-02-mN7qdTRs9CneCJLDvkdWjqZknODvZruU5_IJHE2lrb4eIgHALQxPRjvkNINDbeo-7WhjwmyKzryKfVUi4e4KF1q-JUuVfp_zkNUHMg068tPFmS6JwYgfdK4jBzV_iFnpu3LxpWEPaxOHyVojZhcxf4hdOjwcdEQ-B3ikZbaQfx2NTIgeAjBtZiTJx5zddpUECbiUsIshdv8AAfXi4SvWNUJIEiE4Bj5gtHQP5oKhZU-y7aY6-YcWffaB10XlXmBe_CPvpDPXrKXuHaQ7OnEmGnBnZm6C1Gk-L3YOaulgsH3dRw9VdlTIfd0iE7SgkwztZc96yM2aYuk4W5-lzJ457pSBQzaQhj5C5xh_IbQGwMul7IHxB8GVD1QfyJepLpddyFIWqUch5fuVRxP6Fy4tcVCPDrBvd0uabCNeenY3NJsOW-xgrGsDr74YOPR5R6sE3MCnIFUwORI4sop72fv4Z38O5rXHIuh9D&bs=1&cookie_sync_ab_gk=1&reader_gdpr_flag=1&reader_gdpr_consent=&gdpr_binary_consent=opt-out&gdpr_comes_from_infopack=0&reader_us_privacy=1---

Requested by

Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.705f34519dda9e95246a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),

Reverse DNS

icscale-01-pub-ix7.vip.dailymotion.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-dm-lb-name: icscale-01-02.adm.ix7.dailymotion.com
date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET
access-control-allow-origin: https://www.dailymotion.com/
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type

GET
H/1.1 200
OK 2B9FAA34215E8F662454539B7C2FD14C.cache.js Show response
static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/ Frame E971 98 KB
34 KB 12ms
12ms Script
application/javascript 99.86.7.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/2B9FAA34215E8F662454539B7C2FD14C.cache.js
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-67.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7a41da1f7e70ad9aa4d7772e6cb239e50ecf944808eb73e6de07cdb92c2552c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 3PIgB876VbZVlHUwnXSJVJ7NAqTCm2v1
Content-Encoding: gzip
ETag: "4444d8b2df068cd8be696adeacc34754"
Age: 50399
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 34116
Last-Modified: Thu, 07 Jan 2021 20:53:52 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052721/ctime:1610052830/gid:497/gname:jenkins/md5:4444d8b2df068cd8be696adeacc34754/mode:33188/mtime:1610052721/uid:498/uname:jenkins
Date: Mon, 18 Apr 2022 03:15:33 GMT
Content-Type: application/javascript
Via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: RohxCGB1n_gzh5o4vCSFqBbQtHMSgI4Gv34HJGuriLA4fNXtaimH5w==

GET
H2 200 t.gif
sb.freeskreen.com/ Frame E971 43 B
413 B 33ms
31ms Image
image/gif 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650302051&p=884&c=969&s=undefined&d=&v=&t=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&co=SE&pr=AB&ci=Stockholm&dm=null&flc=&slc=&ttm=1650302050667&gdpr=1&gdpr_consent=-1&e=AdOpened&m=2&x=null
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: DbGUdq5NzYJCFM5PEvIkcPdx1zuGrTrCRHzFA9IZsLXG6on2pTrs9w==
expires: -1

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 45B2 37 KB
13 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1826
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 18 Apr 2022 17:43:45 GMT

GET
H2 200 x240
s2.dmcdn.net/v/TqzKr1YLZp06KcW-s/ Frame A741 12 KB
13 KB 28ms
28ms Image
image/jpeg 92.123.225.34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s2.dmcdn.net/v/TqzKr1YLZp06KcW-s/x240
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.225.34 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-225-34.deploy.static.akamaitechnologies.com
Software: DMS/2 /
Resource Hash: 2fa2420e3319e3f55a0a81f029343c7d77499b632f3529db1b65b2de2e3d8d51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.dailymotion.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
last-modified: Mon, 18 Apr 2022 05:12:21 GMT
server: DMS/2
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
server-timing: total;dur=0, dc;desc="dc3"
timing-allow-origin: *
access-control-allow-headers: Range
content-length: 12739
expires: Tue, 19 Apr 2022 17:14:11 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-west.rubiconproject.com/exchange/ Frame 53AC 0
239 B 752ms
155ms Image
image/gif 8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=123456
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: dbbc2dbf689859fb5870b364473d5441
Content-Type: image/gif

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 15ms
15ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1279738023&t=pageview&_s=1&dl=https%3A%2F%2Frumble.com%2FembedJS%2Fut3mi.vy3tqk%2F&dr=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&ul=en-us&de=UTF-8&dt=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=2038710232&gjid=172209061&cid=623847660.1650302051&tid=UA-44331619-1&_gid=984464754.1650302051&_r=1&_slc=1&z=171889048

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://journalmetro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 view...y3tqk.15mm8lv
rumble.com/l/ 35 B
191 B 131ms
131ms Ping
image/gif 169.44.97.2
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/l/view...y3tqk.15mm8lv?p=2.3&r=97401025&ref=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&gt=2

Requested by

Host: rumble.com
URL: https://rumble.com/j/p/ui.r2.js?_v=308

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.44.97.2 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

2.61.2ca9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
server: nginx
strict-transport-security: max-age=31536000;includeSubDomains;preload
log-code: 3
content-type: image/gif

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 376 KB
125 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2767df6736abef725fe8b1e39307f402dc27a7c8341f9354a8c1b883dcc563dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128424
x-xss-protection: 0
expires: Mon, 18 Apr 2022 17:14:11 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1279738023&t=event&_s=2&dl=https%3A%2F%2Frumble.com%2FembedJS%2Fut3mi.vy3tqk%2F&dr=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&ul=en-us&de=UTF-8&dt=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Embed&ea=View&el=vy3tqk&_u=aEDAAEABAAAAAC~&jid=&gjid=&cid=623847660.1650302051&tid=UA-44331619-1&_gid=984464754.1650302051&z=1434145965

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:21:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 82368
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 42ms
21ms XHR
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-44331619-1&cid=623847660.1650302051&jid=2038710232&gjid=172209061&_gid=984464754.1650302051&_u=aEDAAEABAAAAAC~&z=59292385

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://journalmetro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 18 Apr 2022 17:14:11 GMT
content-type: text/plain
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK / Show response
pebed.dm-event.net/ Frame A741 15 B
363 B 21ms
19ms XHR
application/json 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Requested by: Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration: 0
Referer: https://www.dailymotion.com/
accept-language: de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Mon, 18 Apr 2022 17:14:11 GMT
Server: edward-ed/2.2.1
Access-Control-Max-Age: 604800
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length: 15

OPTIONS
H/1.1 200
OK /
pebed.dm-event.net/ Frame 0
0 19ms
19ms Preflight 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Access-Control-Request-Method: POST
Origin: https://www.dailymotion.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 604800
Content-Length: 0
Date: Mon, 18 Apr 2022 17:14:11 GMT
Server: edward-ed/2.2.1

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 20ms
9ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2890491554339416&ev=PageView&dl=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&rl=&if=false&ts=1650302051830&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650302051462.880306955&it=1650302050951&coo=false&exp=p0&rqm=GET

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 18 Apr 2022 17:14:11 GMT

GET
H2 200 tag Show response
pc178-7uxjk.ads.tremorhub.com/ad/ Frame E971 55 B
500 B 474ms
205ms XHR
application/json 2600:1f18:612b:4216:e715:23fc:28e9:ce6e
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pc178-7uxjk.ads.tremorhub.com/ad/tag?adCode=pc178-kb7ve&playerWidth=603&playerHeight=338&playerPosition=3&srcPageUrl=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&gdpr=1&gdpr_consent=&custom=969&c2=fr-ca&floor=USD:6&us_privacy=&fmt=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:e715:23fc:28e9:ce6e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: c3642dbf596840d01eae537203983f333f6fbfb82e7f02b283ce84b55a6bec3a

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://journalmetro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: application/json;charset=UTF-8

GET
H2 204 bid Show response
ads.freeskreen.com/ Frame E971 0
197 B 375ms
158ms XHR
text/plain 54.173.181.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.freeskreen.com/bid?pid=884&tid=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&w=603&h=338&u=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&ip=217.64.151.31&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36&g_co=SE&g_p=AB&g_ci=Stockholm&g_d=null&s_1=&s_2=&cid=969&sid=undefined&vid=298&did=4901&pf=600&ttm=1650302050667&eu_c=-1&eu_g=1&eu_ggl=0
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.181.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-181-170.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://journalmetro.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
server: Apache-Coyote/1.1
access-control-allow-methods: GET
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
expires: -1

GET
H3 200 bridge3.510.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame F627 631 KB
205 KB 6ms
6ms Document
text/html 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 321926
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 209821
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Thu, 14 Apr 2022 23:48:45 GMT
expires: Fri, 14 Apr 2023 23:48:45 GMT
last-modified: Thu, 14 Apr 2022 23:44:31 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
16 KB 42ms
23ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 18 Apr 2022 17:14:11 GMT

POST
H2 200 a..t3mi.t3mi.y3tqk.c.297.ppavc
rumble.com/l/ 35 B
191 B 136ms
136ms Ping
image/gif 169.44.97.2
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/l/a..t3mi.t3mi.y3tqk.c.297.ppavc?p=2.3&r=97401025&ref=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&t=6&a=0&art=0&atype=0&et=387&gt=2

Requested by

Host: rumble.com
URL: https://rumble.com/j/p/ui.r2.js?_v=308

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.44.97.2 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

2.61.2ca9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
server: nginx
strict-transport-security: max-age=31536000;includeSubDomains;preload
log-code: 3
content-type: image/gif

POST
H2 200 a..t3mi.t3mi.y3tqk.c.297.ppavc
rumble.com/l/ 35 B
191 B 136ms
136ms Ping
image/gif 169.44.97.2
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: rumble.com
URL: https://rumble.com/j/p/ui.r2.js?_v=308

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

169.44.97.2 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

2.61.2ca9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
server: nginx
strict-transport-security: max-age=31536000;includeSubDomains;preload
log-code: 3
content-type: image/gif

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-44331619-1&cid=623847660.1650302051&jid=2038710232&_u=aEDAAEABAAAAAC~&z=541158739

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 45ms
45ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-44331619-1&cid=623847660.1650302051&jid=2038710232&_u=aEDAAEABAAAAAC~&z=541158739

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9E2D 37 KB
13 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1826
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 18 Apr 2022 17:43:45 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame D8A4 0
15 B 14ms
14ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://journalmetro.com
Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://journalmetro.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 17:14:12 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
421 B 127ms
127ms XHR
text/plain 54.162.166.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=AhAx6KAnILG8TE6Q9LxAog&is_js=true&landing_url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&t=Ce%20virus%20se%20d%C3%A9guise%20en%20une%20application%20populaire%20pour%20voler%20les%20acc%C3%A8s%20des%20comptes%20Facebook%20et%20plus%20encore&host=https://journalmetro.com&sa_conv_data_css_value=%20%220-32bd76c3-20f9-4c11-7ffb-992920e17ea5%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd97099345b361046d75917d0e8b563f855d940971f
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.162.166.147 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-162-166-147.compute-1.amazonaws.com
Software: /
Resource Hash: a8300141915346761bbbd4f763929c4e7acae044e9dfcf6713e8cff7ca211a13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 17:14:12 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://journalmetro.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 116

GET
H2 200 t.gif
sb.freeskreen.com/ Frame E971 43 B
413 B 39ms
39ms Image
image/gif 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650302052&p=884&c=969&s=undefined&d=4901&v=298&t=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&co=SE&pr=AB&ci=Stockholm&dm=null&flc=&slc=&ttm=1650302050667&gdpr=1&gdpr_consent=-1&e=VastRequest&m=1&x=https%3A%2F%2Fads.freeskreen.com%2Fbid%3Fpid%3D884%26tid%3D37c7c38b-f6ad-4f00-996d-f42e71fb11ee%26w%3D603%26h%3D338%26u%3Dhttps%253A%252F%252Fjournalmetro.com%252Fsociete%252Ftechno%252F2808007%252Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%252F%26ip%3D217.64.151.31%26ua%3DMozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F100.0.4896.75%2520Safari%252F537.36%26g_co%3DSE%26g_p%3DAB%26g_ci%3DStockholm%26g_d%3Dnull%26s_1%3D%26s_2%3D%26cid%3D969%26sid%3Dundefined%26vid%3D298%26did%3D4901%26pf%3D600%26ttm%3D1650302050667%26eu_c%3D-1%26eu_g%3D1%26eu_ggl%3D0
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: ydKL0tJpXG94GOYcdFTZtqL79a3vwlQiCHYuJwXtzwkkpuQE43TX0g==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame E971 43 B
412 B 38ms
38ms Image
image/gif 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650302052&p=884&c=969&s=undefined&d=4901&v=298&t=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&co=SE&pr=AB&ci=Stockholm&dm=null&flc=&slc=&ttm=1650302050667&gdpr=1&gdpr_consent=-1&e=VastEmpty&m=1&x=
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: AdMq6eDcdimBu9e9AX6QPtJpqWueBukLMgYpmBwJNKmhx8EKwjFq4Q==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame E971 43 B
412 B 33ms
32ms Image
image/gif 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650302052&p=884&c=969&s=undefined&d=323342&v=9316&t=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&co=SE&pr=AB&ci=Stockholm&dm=null&flc=&slc=&ttm=1650302050667&gdpr=1&gdpr_consent=-1&e=VastRequest&m=1&x=https%3A%2F%2Fpc178-7uxjk.ads.tremorhub.com%2Fad%2Ftag%3FadCode%3Dpc178-kb7ve%26playerWidth%3D603%26playerHeight%3D338%26playerPosition%3D3%26srcPageUrl%3Dhttps%253A%252F%252Fjournalmetro.com%252Fsociete%252Ftechno%252F2808007%252Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%252F%26gdpr%3D1%26gdpr_consent%3D%26custom%3D969%26c2%3Dfr-ca%26floor%3DUSD%3A6%26us_privacy%3D%26fmt%3Djson
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: Ld4R9xGCpRIj2i35RIX82UT4gjUgpQy3hocFGxgnsCOQXkwSQ32b-g==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame E971 43 B
412 B 33ms
33ms Image
image/gif 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650302052&p=884&c=969&s=undefined&d=&v=&t=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&co=SE&pr=AB&ci=Stockholm&dm=null&flc=&slc=&ttm=1650302050667&gdpr=1&gdpr_consent=-1&e=VideoError&m=1&x=ErrorNoPlayableAd
Requested by: Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: PmG7s9JysUHAu5KZLfCw9QIFRskiyA_7DPL2kn4cu9xZogG4ihWN2A==
expires: -1

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 228B 0
15 B 10ms
10ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: journalmetro.com
URL: https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://journalmetro.com
Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://journalmetro.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 17:14:12 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 t.gif
sb.freeskreen.com/ 43 B
411 B 33ms
33ms Image
image/gif 108.157.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650302051&p=884&c=969&s=undefined&d=&v=&t=37c7c38b-f6ad-4f00-996d-f42e71fb11ee&co=SE&pr=AB&ci=Stockholm&dm=null&flc=&slc=&ttm=1650302050667&gdpr=1&gdpr_consent=-1&e=PassbackImpression_2588&m=2&x=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-35.dus51.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 17:14:12 GMT
via: 1.1 6d98bef126a4247ea75e1c5621ccd3fc.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: ALoJBsO-3ysUKdvAnAcU-s0awGi4xeem-qw9CXsrJMaEnv0JMgcrDA==
expires: -1

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1225 83 KB
29 KB 38ms
15ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?bai=178&ut=&uts=&flc=&slc=&windowlocation=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&usp=&gdpr=-1&cs=-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6447b819f1671061eaef6eb9a388b162c8714aed75720e7e4a579f738e30cb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28592
x-xss-protection: 0
server: sffe
etag: "1190 / 443 of 1000 / last-modified: 1650280021"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 18 Apr 2022 17:14:12 GMT

GET
H3 200 pubads_impl_2022041201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1225 369 KB
125 KB 7ms
7ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:00:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127945
x-xss-protection: 0
last-modified: Tue, 12 Apr 2022 08:36:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 18 Apr 2023 16:00:46 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 7067 15 KB
6 KB 29ms
29ms Document
text/html 184.87.212.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=158606&s=2565852&predirect=https%3A%2F%2Fpubmlisher.com%2FcookieSyncEndPoint%3Fpubmatic_uid%3D(PM_UID)&userIdMacro=(PM_UID)&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&us_privacy=&
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/userSync.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.87.212.214 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-212-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=80970
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 18 Apr 2022 17:14:12 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 19 Apr 2022 15:43:42 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1225 107 B
792 B 44ms
17ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=journalmetro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1225 107 B
549 B 43ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=journalmetro.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1225 440 B
268 B 274ms
273ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3156576935646665&correlator=212051876851217&eid=31067071&output=ldjh&gdfp_req=1&vrg=2022041201&ptt=17&impl=fif&iu_parts=21658289790%3A22389335471%2Cjournalmetro%2Cslimcut_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&ifi=1&adks=283820775&sfv=1-0-38&ecs=20220418&fsapi=false&eri=2&sc=1&cookie_enabled=1&cdm=journalmetro.com&abxe=1&dt=1650302052551&lmt=1650302052&dlt=1650302052421&idt=109&biw=1600&bih=1200&isw=300&ish=250&adxs=478&adys=1938&ucis=4goxnxt17c61&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&top=https%3A%2F%2Fjournalmetro.com%2Fsociete%2Ftechno%2F2808007%2Fce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=623847660.1650302051&ga_sid=1650302053&ga_hid=2093762522&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f1a622aef71601184996a07ea6f82376bbf4886b32a7e8bd0ebc4e5961431653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://journalmetro.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D1F0 6 KB
4 KB 95ms
14ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 17:14:12 GMT
expires: Tue, 18 Apr 2023 17:14:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 7067 0
42 B 303ms
13ms Script
text/plain 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=87510991&p=158606&s=2565852&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&SPug=true&p=158606&s=2565852&predirect=https%3A%2F%2Fpubmlisher.com%2FcookieSyncEndPoint%3Fpubmatic_uid%3D(PM_UID)&userIdMacro=(PM_UID)&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=1&us_privacy=&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:12 GMT
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1225 14 KB
11 KB 45ms
30ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a8d4b11103c7db43dc934891235109375d7da8e2a9f21dd8949f730383fa69c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10841
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1225 17 KB
7 KB 42ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 17:14:12 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 816A 13 KB
5 KB 23ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 16:05:05 GMT
expires: Tue, 18 Apr 2023 16:05:05 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6B8B 783 B
534 B 16ms
16ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7ab60989aa9015f60163776a747d67c0c949c2eba4e715d9cddf7d514a8424f8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-T4rYmcWiRyq2ybU7igJvLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://journalmetro.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-T4rYmcWiRyq2ybU7igJvLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 17:14:12 GMT
expires: Mon, 18 Apr 2022 17:14:12 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6B8B 0
0 71ms
71ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041201&jk=3156576935646665&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js Show response
pagead2.googlesyndication.com/bg/ Frame 816A 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 15:41:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Apr 2023 15:41:17 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 816A 0
9 B 8ms
8ms Image
text/plain 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zpXLGA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 17:14:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1225 0
0 50ms
50ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041201&jk=3156576935646665&bg=!CgmlCU3NAAZvJBiFTyQ7ACkAdvg8Wil7r6yRQueUW3YyahFmqFOzJec6ZEyCITm5RGudRnLpq9jK3wIAAABhUgAAAANoAQeZArPnqsQg7FoVOcjg897JvxPAW0vDIdN4WObUnuEKbVdBwWuhv-4Ww9ta-0-4_7P9AxVXEwiry6U1m62wdVGwlSCTH_fVnCmSSZc0b-9AJzwX2B6hKqtWIAH5eG7lHOktXLKt5skUk2hKJ56W6u3fL1wIk-HxJPLukvDZJCPhkDq4cqnERqwX0AE-MCp0cuYlBjWqrYi6gaQEZBfHKJ1WSPheGhdMhOjjWwRgOxu3eoavaNgyn09q5jP7FDeJWP-_rZcPTDe9eDlLBcU6temXI4KS_pULcSZdO5EzQxze9tg5hwDLN0-5IbmWOR8N2P-dx_i6Jl5EBJ5UkRfhOwQ2YOZ775lFBeuWlco0U6DJ-WNksNAMFdd_ofsuiHdW2qdQM4Dk8tiill8nBiqCkLyHeCMoF4681bLPOB9BlhLhfjFsAVpa_LVcMFnv0XTSa1p21AK_9v3FDELyYGXS4AFlIwPlD03Qc2tC1ELiL22SW8Z8LCyDpHA71HA0Zy-LzGjSCWs-7cmk5hp9_hD-IBi8n5RjN-ipLClnVbohQjM1Ju1eE5ge-lfZkqHCruSqdK2KfJ0tFKCk7of3-5yHYDPnHarUU2PtEe8k51kCPMrE4z_A1-vEKoC-NxUt9G-iilVPkhfGOlCMbCfY1uY7RWZQHAxacN0pR1O_e9E4FETN6vyjoPhoiMOOis-HH9NSgTxCuCTuOfFJJB6_UQQWfRd385ndzDKd1hwWNFm4UzROSkFcyFFAPmnyAMmrw6kNRSar6V0Vt_HWKFoGDFkb5WSWGw6delws5u45YPFfC-leQPthg21FphmR0bePw1BjxoHqMmu4ul3kU7L3HwWDai1N3pZ1lZBycvjOff1qeW2z1GD5J8pmYyPq6xWKQYJ6nxjwEPBDGbuzxiCwLTE8EN0aWRTvfOJH
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://journalmetro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

POST
H/1.1 200
OK / Show response
pebed.dm-event.net/ Frame A741 15 B
363 B 20ms
20ms XHR
application/json 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Requested by: Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.db7831ef505449d77ad2.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash: a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept: application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration: 0
Referer: https://www.dailymotion.com/
accept-language: de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Mon, 18 Apr 2022 17:14:16 GMT
Server: edward-ed/2.2.1
Access-Control-Max-Age: 604800
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length: 15

OPTIONS
H/1.1 200
OK /
pebed.dm-event.net/ Frame 0
0 18ms
18ms Preflight 188.65.124.59
DAILYMOTION For p...

General

Check archive.org

Show headers Download Go to

Full URL: https://pebed.dm-event.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS: ebed2.dm.gg
Software: edward-ed/2.2.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Access-Control-Request-Method: POST
Origin: https://www.dailymotion.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 604800
Content-Length: 0
Date: Mon, 18 Apr 2022 17:14:16 GMT
Server: edward-ed/2.2.1

Verdicts & Comments Add Verdict or Comment

166 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore	1969-12-31 23:59:59	Name: ntvSession Value: {}
.freeskreen.com/	1970-01-20 02:35:06	Name: a Value: "OTY5PTF8fDs="
.journalmetro.com/	1970-01-20 02:25:03	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://journalmetro.com/societe/techno/2808007/ce-virus-se-deguise-en-une-application-populaire-pour-voler-les-acces-des-comptes-facebook-et-plus-encore/%22%2C%22sref%22:%22%22%2C%22sts%22:1650302050751%2C%22slts%22:0}
.journalmetro.com/	1970-01-20 11:54:26	Name: _parsely_visitor Value: {%22id%22:%22pid=543764ca1d38c246dc747042be443d8e%22%2C%22session_count%22:1%2C%22last_session_ts%22:1650302050751}
journalmetro.com/	1970-01-20 02:25:02	Name: m32_pubgeo Value: JTdCJTIyaXAlMjIlM0ElMjIyMTcuNjQuMTUxLjMxJTIyJTJDJTIyY291bnRyeV9jb2RlJTIyJTNBJTIyU0UlMjIlMkMlMjJjb3VudHJ5X25hbWUlMjIlM0ElMjJTY2h3ZWRlbiUyMiUyQyUyMnJlZ2lvbl9jb2RlJTIyJTNBJTIyJTIyJTJDJTIycmVnaW9uX25hbWUlMjIlM0ElMjIlMjIlMkMlMjJjaXR5JTIyJTNBJTIyJTIyJTJDJTIydGltZV96b25lJTIyJTNBJTIyRXVyb3BlJTJGU3RvY2tob2xtJTIyJTJDJTIybGF0aXR1ZGUlMjIlM0E1OS4zMjQ3JTJDJTIybG9uZ2l0dWRlJTIyJTNBMTguMDU2JTJDJTIybWV0cm9fY29kZSUyMiUzQTAlMkMlMjJwb3N0YWxfY29kZSUyMiUzQSUyMiUyMiU3RA==
.journalmetro.com/	1970-01-20 04:34:38	Name: _gcl_au Value: 1.1.1609152212.1650302051
.dailymotion.com/	1970-01-20 11:53:50	Name: v1st Value: 3604C56942CBCBDCF06B40923EACD54A
.dailymotion.com/	1969-12-31 23:59:59	Name: dmvk Value: 625d9c62c6421
.dailymotion.com/	1970-01-20 11:53:50	Name: ts Value: 257716
.adnxs.com/	1970-01-20 04:34:38	Name: uuid2 Value: 5069179552826081518
.journalmetro.com/	1970-01-20 19:56:14	Name: _ga Value: GA1.2.623847660.1650302051
.journalmetro.com/	1970-01-20 02:26:28	Name: _gid Value: GA1.2.984464754.1650302051
.journalmetro.com/	1970-01-20 02:25:02	Name: _gat_UA-132922227-1 Value: 1
.adnxs.com/	1970-01-20 04:34:38	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E?ao0zq0!]tbP6j2F-XstGt!@E!?$zlr+
.postrelease.com/	1970-01-20 11:10:38	Name: opt_out Value: 1
.admanmedia.com/	1970-01-20 11:10:38	Name: admtr Value: bfc99c36fadfda24531a5080f31c4f26dfcb78af
tags.srv.stackadapt.com/	1970-01-20 11:10:38	Name: sa-user-id Value: s%3A0-32bd76c3-20f9-4c11-7ffb-992920e17ea5.fHv1nNyUCAK99Szjxn4ABG5B8676N9SvmLpT%2Fla5p7I
.srv.stackadapt.com/	1970-01-20 11:10:38	Name: sa-user-id-v2 Value: s%3AMr12wyD5TBF_-5kpIOF-pdlAlx8.VpTRegQFIV0HTYde7XoAv%2Bby87UqxEQVQqg1F996B2U
.dailymotion.com/	1970-01-20 11:53:50	Name: usprivacy Value: 1---
.journalmetro.com/	1970-01-20 04:34:38	Name: _fbp Value: fb.1.1650302051462.880306955
.facebook.com/	1970-01-20 04:34:38	Name: fr Value: 0CFu9jebEPjRn6vL2..BiXZxj...1.0.BiXZxj.
.freeskreen.com/	1970-01-20 02:35:06	Name: scmtid Value: c2NtaWQ9Y2RnYWZhY2FkYWZnYkhuYzBIcHJYMEd8MTY1MDMwMjA1MDYzMiZhY2lkPSU3QiUyNFVJRCU3RHwxNjUwMzAyMDUxNDg1
.journalmetro.com/	1970-01-20 02:25:02	Name: _gat_rumble Value: 1
.doubleclick.net/	1970-01-20 11:46:38	Name: IDE Value: AHWqTUlthIzd_qEHCLCfjRTGCojCD3A-iyDjo0K3As_Pq8jFElbZd1ua34gRD5iPcPw
.journalmetro.com/	1970-01-20 11:46:38	Name: __gads Value: ID=799bd8e3fe8fe755:T=1650302052:S=ALNI_MYYeSV4yvXmIYaO04Xm-cVisKIUiA

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://journalmetro.com/wp-content/themes/metronews/assets/js/app.min.js?ver=1.1.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://s2.dmcdn.net/w/85aTP1YM4GGKJtO8x Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://www.dailymotion.com/embed/video/x89xs1h?autoPlay=0&mute=0 Message: The resource https://imasdk.googleapis.com/js/sdkloader/ima3.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

024be88163f6450705310453a11d0d1d.safeframe.googlesyndication.com
ads.freeskreen.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
api.dmcdn.net
c.amazon-adsystem.com
cdn.parsely.com
connect.facebook.net
cs.admanmedia.com
dmxleo.dailymotion.com
eus.rubiconproject.com
geoloc.m32.media
googleads.g.doubleclick.net
image6.pubmatic.com
imasdk.googleapis.com
jadserve.postrelease.com
journalmetro.com
loadeu.exelator.com
p.typekit.net
p1.parsely.com
pagead2.googlesyndication.com
pc178-7uxjk.ads.tremorhub.com
pebed.dm-event.net
pixel-us-west.rubiconproject.com
pixel.wp.com
rdc.m32.media
rumble.com
s.ntv.io
s0.2mdn.net
s2.dmcdn.net
sb.freeskreen.com
scm.publishers.tremorhub.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
sp.rmbl.ws
speedtest.dailymotion.com
static.freeskreen.com
static1.dmcdn.net
stats.g.doubleclick.net
stats.wp.com
sync.smartadserver.com
tags.srv.stackadapt.com
token.rubiconproject.com
tpc.googlesyndication.com
use.typekit.net
vendorlist.dmcdn.net
ww1772.smartadserver.com
www.dailymotion.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.89.20.125
104.92.74.8
108.157.4.35
142.250.184.194
142.250.186.98
151.139.128.11
169.44.97.2
178.79.242.16
184.87.212.214
184.87.213.83
185.86.137.110
185.86.137.17
188.65.124.38
188.65.124.59
188.65.124.90
188.65.124.91
192.0.66.2
192.0.76.3
198.47.127.19
2600:1f18:612b:4200:ada2:2974:cd33:9395
2600:1f18:612b:4216:e715:23fc:28e9:ce6e
2a00:1450:4001:800::2002
2a00:1450:4001:800::200e
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2001
2a00:1450:4001:812::2003
2a00:1450:4001:827::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::200a
2a00:1450:400c:c0b::9a
2a02:26f0:3500:7::17d8:4dc7
2a02:26f0:3500:7::17d8:4dd1
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
34.194.161.83
34.254.143.3
35.227.201.248
35.227.246.163
37.252.172.37
52.8.117.187
54.162.166.147
54.173.181.170
65.9.61.60
65.9.66.173
69.173.144.139
8.2.111.137
8.39.36.142
92.123.225.34
99.86.7.67
00f7d628d0c49b1b0d512c3c56d16cc8d0ac222e7437efea750b584083c053dd
0106fbb66851b93fe594733be1ce4bcaebc88e531df5e4430813f3f0e565be44
04eb2fd3fb1d42fd294e2f617da3a1dd8447760c814922ad1a9bee57c0a5be97
069f695140cae015bfd9f54836c257da65969097a565500f49adb1a262ae6719
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0706446ba6d3f592986a55aed2e5d3015d5c182520a9d055c18d8b862ed8802c
078a18d2ed7a3667cab0a5c2a8dd63bfae808ab83199bf22aa0d56d8a1e9eb58
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0fc945ab1a7298bdf377d557f8eed188ce3003b61a39a35c77f6b718c37cab9a
10bf65bff01b778a325c94d5cf30cd289a798b50a19830bfda75ef7b7c9388e9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
19760ec5e87fdd96ed03c57bbb684e623784b308012f884f8bda3d7058d672f7
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2121f1f092f074767f55c00e5cb24adf3631e9a79fd6c72f80496cc4806d064c
2741a285d8be99ca5f4913b048d4eaccf0aa7e3b1df03649ae925cb0918ec7d9
2767df6736abef725fe8b1e39307f402dc27a7c8341f9354a8c1b883dcc563dc
27c37eaaa6345fcb63b3f342c9ee650622a994e90c45c50277fc2466d1be6f0b
2854593eaa0199ac3ff2651097c0cb427149deb643e250d398b0d74b4dbea041
2fa2420e3319e3f55a0a81f029343c7d77499b632f3529db1b65b2de2e3d8d51
3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195
30b6e85cb864024d05a4778952ea29bc0612dc2f73e68354ae9ac3375eab7132
31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e
33243e2dc91924de3cdddc069aa4bf1071df38251cff4e8ff65e0e9c05f85c7b
36b1e1e2216f868764bddd51fd6b566062777491dfefc1027f0b4540b95038ce
3b3bfa83d0748f840ad71399c512fe13ca4eec39b959efd0efea9eade4e20421
3d2c10cf69410c10177fc6e56937d05151b182841fa6aee36f651d587d91fbb8
3e9764e9888defe2684000706198d1bd1503714d5511a95a24894c34f93a26a8
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40c8a0bb734205d3c9a8f4b9ae5443cac27a825240b98128175664b3ced8eaa8
464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028
48314bca6a877c6ca70c34c4bd60020b3074cc017979239086489a16d1cee26b
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
49566600bfa0cd1a7804582e0cb5da0f8abaad1c19cba621fb698d5536f0d4ca
4af5765b7587881ef567c23d0aa9fcdbeff09e3354473ed56eca490f4df5ca30
4b1f9a40e0f37b81af389727d57b49ab571b49f7d79850252a6d103b80475c33
4bee99b4a53e7882d94714c07932776e4b4fdc56e53df4c09cd3b82baae52f96
4ebe94afc2bfe14af3f9429a6a5477c4348901773d4bc0bb9aac2a8f2d4419a5
518c6914d11db0af6748292e85c75661a0db4c1508c6b1c1e904cf1f1fb047f9
5453b13d69534fd0173fb59ce08bb8698bccd357761a0fba3536ee417c8a2b1d
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a49ffdeec0e61058ab6cdd783275b84a2c27a7a26b95a644f7764a78b510a7a
5a8d4b11103c7db43dc934891235109375d7da8e2a9f21dd8949f730383fa69c
5ec8847c40ba5d2d194d72cf8d2a23aeaf1a9ef6af611029fd88d677d4106c77
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
638d2f5ba5cf501a58131a42efe30aa2c2154904b0654a517cce4baeef308022
70b0ba2e905ee3b5306c214e775d7385503f3c10fe8ecf365fbfbccd36f0504b
70e7e12ac01b3686f7e55ae850a59f850c846b992235b01275f967708b399f67
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623
7305039b6ff2a6f824348a2ccf813763eed339b9878e64116269c21196cbde45
74e66c6fffa12e9f5637a8c5e46aae8afe022b8ae19370d7bd0a9fb4dc5ed7fa
754a601471ecfb7f0ec3dba987d0618258159f1a798f3b146bdf2f0f07f46ab1
75839e3ea0cd949a33dc21dd8b0931f396829fea8e0e3148b576b1228f40e469
7710a0b3f4d6131a3395b49dd602b855b020a3a382349d29917c865607ab4912
77545f18cd0ede257cff7c58498d4bb0a83005a9c77d0c68bfebe64a1237a384
7a41da1f7e70ad9aa4d7772e6cb239e50ecf944808eb73e6de07cdb92c2552c6
7ab60989aa9015f60163776a747d67c0c949c2eba4e715d9cddf7d514a8424f8
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
8a5fd6f02721d00363758b74caac13b46e66d15f66528cc3ba4a02f3218add1f
8f054d2ca2fb334a22cfd81be44d3da656c455de06c79759c655a285f0c4b685
9011ddae3deb1ab73795c21348c5828cccb5c54c8df96e208be00a6db2555aff
90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f
93c9ced59035ad857149f0c810cad571860d5992bded7ed0afb31cfeb02ffc9f
9a6aeb402dfac612f6a62c7efd3f2320955aefa405fa0b3dff084ec38d457a48
9d82662ea2490cfe1cddb56202d18db4f8c5da97427d9372b1210ee868ba39b4
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3
9f832a039796e62a587b85bc69fdd8842a69c5c83c0b1caca0fbb55d19b6e777
a02f66a1a2c5211b390d79d18eacd4160647747b1e2386ab0d55d449444aa551
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0b374cb5be30cf745d18c8403fcf6d68c68720a8b72f6205960a38231056bc3
a1241146ad277023b86a0fab414950b900a1db4c4da15a7ffd385b3aced05f44
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a45446c3fc328ce393d561e708f868b6ea7f39637230a3eed0f875ab010a2cf5
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a51778ecbebd314d776056947127fd68690d4dc9b888e6a83912fb1b28b40003
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7381728062093b40cb0be9759591640e54dc894bf203f90280b234044f37e74
a76f6c69d18926f3405187ab8e38ddd3d852b09e1c9ddf2eba2b1f0c00e9b73c
a8300141915346761bbbd4f763929c4e7acae044e9dfcf6713e8cff7ca211a13
ae1662349ff25bf23f2d8c4d4affd74d2531892eac8dabfd7a05d80459c36583
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b2950d9549e61f87ae17b4b53142a0aefe16aec35286a2919e7af1507df28554
b50744cba1be886aa444ef5172874120e6214089e69999fbb6271787d63a6e51
b659f8a85ec763d4cc2a28a2e371f4a05dd54c3cbf860920baf37a2c4685f745
b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6
bcaeaaa9dc8573ad31e3b6b811ada024e58354b912fa7210a73bb12224d3de9d
bce499b4657284e931f638588da4f70c3cef3b891c063a820ba2dfe3e4ed0605
bf4bd6c3154aaa63c42d8a93e705c9d2bc648ddf71eda070985da3334c70b2b3
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c29d9d46c99a9d6f4386118d459ee67210d1b16776b0e56dcfbc251d7e8a01bf
c3642dbf596840d01eae537203983f333f6fbfb82e7f02b283ce84b55a6bec3a
c760ec525cc91d869745de03b6f025d4294989bef5d2dea389f6b27911cbad3f
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1
cd26dce56b5ab3c491224289cca48fe509a97e5212fac0eb809e425dac4b3747
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d4d11466f8a21a8c3c96dfaf304aa45107dd8d95687a8da3cb23f49c3d138fb1
d6447b819f1671061eaef6eb9a388b162c8714aed75720e7e4a579f738e30cb6
da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d
db92a0118b94820130bd67f52bfb51b2129d1d0f1beaeed43f6ac65d2b098e08
dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b
ddc120e35ca4da9fd80454386db62d0282787157f9b7283e5ffc21f30f5dff80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e02159a2b8611457dab49a2c22e349aafac46d996f909795497c1f56e7cf1985
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a
e5a9f374db7c0c93a2d513d12b6f34f8e25e394aa441a483a0b5095e30df94fb
e62f3ad2a3c11b1991861932754874d9f192b4fc73e781d19feabfc4fdd98c3a
e7afc4428a301112cadc78578f7c3f39c7fc68847dd15fccd390dd1aedb0d85e
e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d
eb0b44522322e3379c9c3519c63813eab096880b9860a50a17712c5f085580e3
ec0eec5408d22e16ae62df56c1a2c12fd40a1ec3f2b9d759e5f5b1747f115595
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ee0805dc6e11c1587bbefd09c3cc7be9a6776ff87cf6198d72e680fc5870844d
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efded6408c7e64cd48c00b10bdd63b79539c5bb13a396b9f3773f71fe2d5a606
f1a622aef71601184996a07ea6f82376bbf4886b32a7e8bd0ebc4e5961431653
f254108533fdca503650281e2c784668e0fdf8c7879464f95b0cbd44401d39b8
f2aae9491020a4e4af1c595bc6634d6710d0f15c0c36ed03b0d568e9b55a0af0
f2cbdca26b4a69378f33d852d753e98da4d1e072593b84988510426fb7061ae7
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5367613366df6ae329a173e723ded717312d713df9dea19bc4fd5a9de1561c4
f6d6fd9ee20791527032536e7f88692828aeb251ba1a4ef9676a64cd22500087
f73cac9731450b0f15844d1bd3a86db9f9e04a24f5d9b1764afdec4b82085491

journalmetro.com Open in urlscan Pro 192.0.66.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

176 Requests

98 %HTTPS

38 %IPv6

35 Domains

59 Subdomains

53 IPs

6 Countries

5880 kBTransfer

12794 kBSize

25 Cookies

15 Outgoing links

Redirected requests

176 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

journalmetro.com Open in urlscan Pro
192.0.66.2 Public Scan

Screenshot
Live screenshot

Full Image

176
Requests

98 %
HTTPS

38 %
IPv6

35
Domains

59
Subdomains

53
IPs

6
Countries

5880 kB
Transfer

12794 kB
Size

25
Cookies

176 HTTP transactions
0 data transactions