URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Submission: On April 12 via manual from US — Scanned from DE

Summary

This website contacted 96 IPs in 13 countries across 76 domains to perform 295 HTTP transactions. The main IP is 34.196.188.175, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.ibtimes.com. The Cisco Umbrella rank of the primary domain is 159729.
TLS certificate: Issued by Amazon on March 22nd 2022. Valid for: a year.
This is the only time www.ibtimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information


This page contains 27 frames:

Primary Page: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Frame ID: 3EC9D1A716FEE2FA7E2366D6E04D975A
Requests: 177 HTTP requests in this frame

Frame: https://cds.connatix.com/p/158503/connatix.playspace.dc.js
Frame ID: CCE6749CFF466DD948388F49F4369119
Requests: 14 HTTP requests in this frame

Frame: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Frame ID: F74A4DD8CE1F382DABDF6A1F8B124F49
Requests: 17 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.c1cdceed40059a51b374bf347e6a2ae0.html?origin=https%3A%2F%2Fwww.ibtimes.com
Frame ID: F57AFC420EB78F7EF10AD7FE2657AE53
Requests: 2 HTTP requests in this frame

Frame: https://cmp-consent-tool.privacymanager.io/latest/index.html
Frame ID: 58F0E2AF5EEBEA340FD5C1EF3D20BF7E
Requests: 21 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Frame ID: 4A0CB19F3540578138DB0AF4F77DEB6F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 390E5CC32BFE9C338CB02DF8711AF5A8
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Frame ID: 131EF42BAE156C488C77E4E0372D55FD
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Frame ID: BCE0817DEFE6052F98028295BEB608FB
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Frame ID: BF5D4DC16C2A77A6BD642CCE031FD672
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CDE897F3393DB9FF31E2F4E41CA90B8D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: FEE36BD58BB2BC113C4DE3EA8880F91C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 526FEDD3F6858070F3F329B4C9238C82
Requests: 1 HTTP requests in this frame

Frame: https://api.pushnami.com/scripts/v1/hub
Frame ID: 63693FC983D47CC4CDCE981705797A9A
Requests: 1 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1649798622881220408442&consentData=&gdprApplies=0&uspString=1---
Frame ID: 1FA654D35EBC31B8CEB1888B9256BD6C
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: FAAA2ADEC8E82FF1B92043E24FDC4AFE
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 0DA5F024324FDF40F26EF99EB21F2DAC
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 3B7A0625B94E2B8435E876FE9EE9D3F3
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Frame ID: 5D0C31F1A6E8D02AC69DC13AF882EC29
Requests: 13 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7894F3D6A13157428FF47F1D0CD1E57F
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 803B76694B3F042610F734AD8818FB9B
Requests: 1 HTTP requests in this frame

Frame: https://sync.bfmio.com/sync_iframe?ifg=1&id=9950dc87-e457-40ab-84d2-0662b604390c&gdpr=0&gc=&gce=1&us_privacy=
Frame ID: 21AAD2C1B936060D5BB28F97F63E6E17
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 058702AAD6313319147B4BE23A2EDC66
Requests: 11 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999
Frame ID: 7E96786CC78CA4A6EDF6189F9CF3D851
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3cde6255-ede1-4a00-9d80-cbac0a89c5e5&gdpr=0&gdpr_consent=
Frame ID: 74A8FA31A8001ADE20B5FE2250B91A85
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6539567528254966003
Frame ID: 7CED4E2742FF700AD0DF2CB4BDF4681F
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 74D6CE1046DEFA625DA40BE486BDB143
Requests: 1 HTTP requests in this frame

Page Title

Beware: New Android Banking Malware Can Take Over Your Device, Spread Through Fake Apps

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • chartbeat\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • api\.pushnami\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

295 Requests
84 % HTTPS
32 % IPv6
76 Domains
133 Subdomains
96 IPs
13 Countries
12443 kB Transfer
21840 kB Size
98 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37
  • https://cd.connatix.com/connatix.playspace.js HTTP 302
  • https://cds.connatix.com/p/158503/connatix.playspace.dc.js
Request Chain 127
  • https://sb.scorecardresearch.com/b?c1=2&c2=7922264&ns__t=1649798621540&ns_c=UTF-8&c8=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&c7=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1649798621540&ns_c=UTF-8&c8=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&c7=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&c9=
Request Chain 192
  • https://sb.scorecardresearch.com/c2/7922264/cs.js HTTP 302
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
Request Chain 225
  • https://x.bidswitch.net/sync?dsp_id=303&user_id=m3cGwraYNZne HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=m3cGwraYNZne HTTP 302
  • https://s.pubmine.com/match?bidder_id=1&external_user_id=1d7650e5-2594-4528-8498-907c7bb0560f&ssp_data=&gdpr=&gdpr_consent=
Request Chain 226
  • https://ad.360yield.com/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
  • https://cm.mgid.com/m?cdsp=665953&c=365d1e09-e9cc-44d7-b79e-c025be1b0687
Request Chain 227
  • https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bTNjR3dyYVlOWm5l&muidn=m3cGwraYNZne HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bTNjR3dyYVlOWm5l&muidn=m3cGwraYNZne&google_tc= HTTP 302
  • https://cm.mgid.com/google?muidn=m3cGwraYNZne&google_ula={guid},5&google_gid=CAESEHh0lAwN08dOWb4-jhr_0RA&google_cver=1
Request Chain 229
  • https://creativecdn.com/cm-notify?pi=mgid HTTP 302
  • https://creativecdn.com/cm-notify?pi=mgid&tc=1 HTTP 302
  • https://cm.mgid.com/m?cdsp=501037&c=CDGpYeKQOSY9UXYiIIDN&pi=mgid&tc=1
Request Chain 230
  • https://x.bidswitch.net/sync?ssp=mgid HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=mgid HTTP 302
  • https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=mgid&bsw_custom_parameter=1d7650e5-2594-4528-8498-907c7bb0560f&gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=413&ssp=mgid&user_id=csonata_99e4ec82-0a24-4f92-9417-59f855fb4e38&bsw_param=1d7650e5-2594-4528-8498-907c7bb0560f&expires=10 HTTP 302
  • https://cm.mgid.com/m?cdsp=433145&c=1d7650e5-2594-4528-8498-907c7bb0560f&gdpr=&gdpr_consent=&us_privacy=
Request Chain 231
  • https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=m3cGwraYNZne HTTP 302
  • https://ssbsync.smartadserver.com/api/sync?callerId=24&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.e-volution.ai/a02d62607dea0c97e41ff36ebd422945.gif?puid=2672647737883558751&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 232
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1 HTTP 302
  • https://cm.mgid.com/m?cdsp=371158&c=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&ttl=1652390623
Request Chain 233
  • https://t.adx.opera.com/pub/sync?pubid=pub6103523253312 HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60141%26uid%3D%24UID HTTP 302
  • https://t.adx.opera.com/sync?vendor=60141&uid=6406053966499447073 HTTP 302
  • https://creativecdn.com/cm-notify?pi=opera HTTP 302
  • https://t.adx.opera.com/sync?vendor=60039&uid=CDGpYeKQOSY9UXYiIIDN&pi=opera HTTP 302
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D$UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D%24UID HTTP 302
  • https://t.adx.opera.com/sync?vendor=60124&uid=3341262232987407313122 HTTP 302
  • https://an.yandex.ru/mapuid/operacom/ HTTP 302
  • https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1 HTTP 302
  • https://t.adx.opera.com/sync?vendor=60143&uid=2D6F6294C28E58A9 HTTP 302
  • https://ups.analytics.yahoo.com/ups/58484/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58484/occ?verify=true HTTP 302
  • https://t.adx.opera.com/sync?vendor=60112&uid=y-A7krQz5E2uEwKDvnePlcTIRwg7DuykDfmQbatGc-~A HTTP 302
  • https://cm.mgid.com/m?cdsp=528163&c=bcc1df01936740e697673c4500f022ef
Request Chain 236
  • https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
  • https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid HTTP 302
  • https://cm.mgid.com/m?cdsp=287839&c=0c9e0ff7-3912-4830-9ded-4b9435c97638
Request Chain 251
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&_origin=1&gdpr=1&gdpr_consent=
Request Chain 252
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ HTTP 302
  • https://pixel.advertising.com/ups/55986/sync?uid=YlXt4AABhYp_UgAZ&_origin=0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YlXt4AABhYp_UgAZ&_origin=0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
Request Chain 253
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVBkNTU4M2RlNS1iYWE2LTExZWMtYmRlNi0wNjMyNzFjNjBhMjQ%3D HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEFoM8juKbxeKwi6c2VfyMY4&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFoM8juKbxeKwi6c2VfyMY4&google_cver=1&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
Request Chain 255
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
Request Chain 257
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
Request Chain 259
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/3341262232987407313122?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-be29IYhE2oRBm3f7O.w8FNsFSgmCm724tG.WPA8f8g--~A&dongle=0883
Request Chain 262
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=3341262232987407313122 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3341262232987407313122&dcc=t
Request Chain 263
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 266
  • https://c1.adform.net/serving/cookie/match?party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999
Request Chain 267
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3cde6255-ede1-4a00-9d80-cbac0a89c5e5&gdpr=0&gdpr_consent=
Request Chain 268
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6539567528254966003
Request Chain 270
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vwxk1MSWTd6FWDDYoBupmQ%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 271
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bad66255-ede1-4400-a8df-bd50102c1262
Request Chain 272
  • https://pixel.onaudience.com/?partner=214&mapped=BF0C64D4-C496-4DDE-8558-30D8A01BA999 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1 HTTP 302
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1&xl8blockcheck=1 HTTP 302
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=0799eb96609287efb057f61466323f27&gdpr=1 HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=e4d5a380a656836c/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26gdpr_consent%3D%24%7Bgdpr_consent%7D HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD/tpid=e4d5a380a656836c/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26gdpr_consent%3D%24%7Bgdpr_consent%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=7fe135f2a2b15bbebf70152ef1974165&gdpr=1&gdpr_consent=${gdpr_consent} HTTP 302
  • https://pixel.onaudience.com/?partner=162&icm&cver&gdpr=1&gdpr_consent=${gdpr_consent}&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3D${gdpr_consent}%26pid%3Ddn5h51u%26t%3Dgif%26uid%3D%25m HTTP 302
  • https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=10ea2cbff71608f7
Request Chain 273
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkYwQzY0RDQtQzQ5Ni00RERFLTg1NTgtMzBEOEEwMUJBOTk5&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 274
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJYeGg-SMNab-Xf5ZZssIpc&google_cver=1
Request Chain 276
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3525668781184695540
Request Chain 277
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
Request Chain 278
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6406053966499447073&gdpr=0&gdpr_consent=
Request Chain 279
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=jI3Utt_bhLKXjta2iNzM4tncguCXi9Owg4ior2jT
Request Chain 280
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rwuq9ny&ttd_tpi=1 HTTP 302
  • https://sync.bfmio.com/sync?pid=106&uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
Request Chain 281
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1--- HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/6-pZrmsVNAt64Fgb5n3U-A?csrc=&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4144688919164354826
Request Chain 283
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&us_privacy=1--- HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&us_privacy=1---&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=G2NLbN00T-qYCeO2exHdGg&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=G2NLbN00T-qYCeO2exHdGg
Request Chain 284
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJblA2QrVm2xCtKnTC1qBdE&google_cver=1
Request Chain 286
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFXTkkyWkYtMy03NFVP&us_privacy=1---
Request Chain 288
  • https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MDZhY2FiMTFkZjVmZWYxZmIwNmEyMTBhYTc1OWU3NGU4Y2MxMjZlMg&us_privacy=1---

295 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
www.ibtimes.com/
228 KB
52 KB
Document
General
Full URL
https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.188.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-188-175.compute-1.amazonaws.com
Software
/
Resource Hash
1fb2b2c8c5a064fd488dd784b811ab63b41c2667ba8671937339dfeaaf7fce47
Security Headers
Name Value
Strict-Transport-Security max-age=1000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
cache-control
public, max-age=1800, public
content-encoding
gzip
content-language
en
content-type
text/html; charset=utf-8
date
Tue, 12 Apr 2022 21:23:40 GMT
etag
"1649798619-1"
expires
Sun, 19 Nov 1978 05:00:00 GMT
grace
none
last-modified
Tue, 12 Apr 2022 21:23:39 GMT
strict-transport-security
max-age=1000; includeSubDomains
vary
Cookie,Accept-Encoding, User-Agent
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
x-geoip
DE
x-ua-compatible
IE=edge
x-ua-device
pc
x-xss-protection
1; mode=block
ccpa-liveramp.js
ccpa-wrapper.privacymanager.io/ccpa/b048e9c3-ab54-4024-9fa6-983e6fcec56c/
18 KB
5 KB
Script
General
Full URL
https://ccpa-wrapper.privacymanager.io/ccpa/b048e9c3-ab54-4024-9fa6-983e6fcec56c/ccpa-liveramp.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7400:3:f9b0:4040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f2babf2cc23ba3832aa3c62c2d5f37e5ad0442c67d70405833112839dbb981a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
ZjkGxWYkKNMBBjt4LKTRiSL8IrlYBWdE
content-encoding
gzip
etag
W/"5734e2bb4e0a3f2acb3ed189c8f93fab"
age
57844
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="ccpa-liveramp.js"
last-modified
Wed, 16 Dec 2020 15:56:39 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:19:39 GMT
vary
Accept-Encoding
content-type
text/javascript
via
1.1 7463e2e784b132604afa3cd91a5d39a2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
sg-5xuylfSNnsTrQHyraW1JkVTYIxIu-TJX5apFMwInNkeSzafKU_A==
gdpr-liveramp.js
gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/
16 KB
6 KB
Script
General
Full URL
https://gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/gdpr-liveramp.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:1000:11:2a6a:9480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f6269f2b649529a84e5cb5845acebfa005268d16b13c259c609e6efb8fc6f438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 17:13:55 GMT
content-encoding
gzip
age
14986
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="gdpr-liveramp.js"
last-modified
Tue, 09 Mar 2021 20:55:50 GMT
server
AmazonS3
etag
W/"dff727e8257a70cc219bf7d012c600e8"
vary
Accept-Encoding
x-amz-version-id
uiy.v4_x072mCrzHPE59UacguHJ9QSPN
via
1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
content-type
text/javascript
x-amz-cf-id
KrJdbhivCSfOQvkhRbCw-IwfXTyNOKZahEp7caoFCT-fSroeJ4GaBA==
prebid.min.js
s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/
363 KB
109 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
7d844e4ddc4bd12d3d34ca74a580e2da84643e08a0e73c7740dbfdedfa5a1e0a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
bot
content-length
111707
last-modified
Thu, 09 Dec 2021 17:24:22 GMT
etag
"5adb9-5d2b9e09ac5b3-gzip"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds133.fr8.c
content-type
application/javascript
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
gpt.js
www.googletagservices.com/tag/js/
83 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1df3b6e55ee9219d7e8edd63f06bd31ff7b22216da133e7a24d4feb9c8c349b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28314
x-xss-protection
0
server
sffe
etag
"1186 / 264 of 1000 / last-modified: 1649774618"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 12 Apr 2022 21:23:40 GMT
5154892.js
js.hs-scripts.com/
857 B
859 B
Script
General
Full URL
https://js.hs-scripts.com/5154892.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31cfdb3b5650179106b4e2e5114fc69a73da92170cb88da211c0afbf5d29031f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
3
cf-polished
origSize=964
x-hubspot-correlation-id
61f6c13b-8ee6-4c83-9691-47a6ec883004
last-modified
Tue, 12 Apr 2022 21:23:37 GMT
server
cloudflare
x-trace
2BA81B03B2B0385E51FC99E182BAB008E7AD122570000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.ibtimes.com
expires
Tue, 12 Apr 2022 21:24:40 GMT
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
6faf0642289691e4-FRA
cf-bgj
minify
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b3d1267f470c1399da3788f58fc567a3d51893463ef29a9f1ea406f15bcb8226

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
last-modified
Thu, 07 Apr 2022 19:43:04 GMT
etag
"a9ea5b6f323c8a4851cd3ebb744b57ff+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=1800
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
29460
tw-cdn
FT
x-served-by
cache-iad-kiad7000139-IAD, cache-hhn11524-HHN
js__4doaOVrHFXWtNkAxvpJErZYJegMxIyNI_v23DlFpHaU__AdhAFZ5QAk_VrKkFUOCnxJb9ANrhuWlKf15A7QHm14M__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/
3 KB
1 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__4doaOVrHFXWtNkAxvpJErZYJegMxIyNI_v23DlFpHaU__AdhAFZ5QAk_VrKkFUOCnxJb9ANrhuWlKf15A7QHm14M__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
69b116c12bbdb23eab4b5600fb5e071a12c5d47494c7a600ffacc4ffa4cd44aa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
bot
content-length
1080
last-modified
Tue, 31 Aug 2021 13:11:21 GMT
etag
"1630415481"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds127.fr8.c
content-type
application/javascript
x-geoip
US
cache-control
max-age=31449600, public, no-transform, public, immutable
accept-ranges
bytes
x-cache-hits
0
one-of-japans-top-dating-apps-has-warned.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/embed/public/2021/05/24/
59 KB
59 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/embed/public/2021/05/24/one-of-japans-top-dating-apps-has-warned.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
097b011d68299f6d50339c44cc0a17d1fcc134d6d2a40235601fe1778e6d202d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
60251
last-modified
Mon, 24 May 2021 09:04:15 GMT
etag
"eb5b-5c30fb197f125"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds013.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
OTHER
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
ibtimes.com.307820.js
jsc.mgid.com/i/b/
3 KB
2 KB
Script
General
Full URL
https://jsc.mgid.com/i/b/ibtimes.com.307820.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9375bafa005d10382a0b9bd1a333423ce9e6383e34c7f492611323510306cb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
cf-cache-status
HIT
age
5647
cf-polished
origSize=5665
last-modified
Thu, 31 Mar 2022 15:06:01 GMT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
KRNE1PM61TH1ZZBC
x-amz-id-2
mTBO938SjgbDFvCN40f7JKLh/HgCjmXsFyMVfSZVEe+QwdJ7msBAjdhuvLntXD/qESFnX1+D8pY=
cf-bgj
minify
server
cloudflare
etag
W/"13f919693441b33495df2c34ac002569"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
cf-ray
6faf06422bcf5bf1-FRA
expires
Wed, 13 Apr 2022 00:23:40 GMT
platform.js
cdn.vuukle.com/
150 KB
41 KB
Script
General
Full URL
https://cdn.vuukle.com/platform.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63bd3822c82eaa5f4977ced76317ee353ca73d99f83c2167262ca841b6a95873

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
cf-cache-status
HIT
age
22868
cf-polished
origSize=153298
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 12 Apr 2022 15:01:40 GMT
server
cloudflare
etag
W/"62559454-256d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=1800
cf-ray
6faf06420f549b67-FRA
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cf-bgj
minify
view_webform_v2.js
www.ibt-mail.com/
41 KB
11 KB
Script
General
Full URL
https://www.ibt-mail.com/view_webform_v2.js?u=t&webforms_id=Z
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
7f9eb5fa35909b7d48955c315ecf4d83c50c5f4ef629925329b105c4d80db1f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:40 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
Content-Type
application/x-javascript
X-XSS-Protection
1; mode=block
Connection
keep-alive
Feature-Policy
accelerometer *; ambient-light-sensor *; autoplay *; camera *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; speaker *; sync-xhr *; usb *; vr *
Server-Timing
dtSInfo;desc="1"
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
newsletter_bg_1.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/
30 KB
30 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/newsletter_bg_1.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
2e91e2bd6a52d19af42ffde53abe566521ba206270cef9fd6adb26da84f6cf4c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
30722
last-modified
Thu, 13 May 2021 19:46:48 GMT
etag
"7802-5c23b63505906"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds016.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
the-federal-reserve-building-is-seen-in-washington.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/02/10/
16 KB
16 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/02/10/the-federal-reserve-building-is-seen-in-washington.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
2e351a4112ed4e41b027d99fad22b8b897f52667a2d59569fb594d43305b0fc0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
16556
last-modified
Thu, 10 Feb 2022 16:25:06 GMT
etag
"40ac-5d7ac64a99cc9"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds163.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
DE
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
with-his-snowy-white-hair-and-round-glasses.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/02/12/
10 KB
10 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/02/12/with-his-snowy-white-hair-and-round-glasses.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
3fe4cc563195e9e74c0e8ca99af0bd54640b3cef999fe1f0ce9a7724bbd76a6c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
9872
last-modified
Sun, 13 Feb 2022 02:16:51 GMT
etag
"2690-5d7dce49dd5a7"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds120.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
firefighters-try-to-contain-a-fire-at-a.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/04/11/
12 KB
12 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/04/11/firefighters-try-to-contain-a-fire-at-a.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
2485bfaae063e63f6f5344d1919745d64b7bb409f5fb5dde10e6e2b9dc95b3d5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
12204
last-modified
Tue, 12 Apr 2022 02:22:30 GMT
etag
"2fac-5dc6bbb96f42b"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds290.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
OTHER
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
a-participant-stands-near-a-logo-of-imf.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/04/12/
15 KB
15 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/sm/public/2022/04/12/a-participant-stands-near-a-logo-of-imf.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
d4f3517ea3c20d09738dd2edf360156ab67b04c0f92404edc3840f5011d19878
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
tablet
content-length
15496
last-modified
Tue, 12 Apr 2022 15:27:02 GMT
etag
"3c88-5dc76b14f7fd5"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds149.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
ibtspotlight-min.jpeg
s1.ibtimes.com/sites/www.ibtimes.com/files/2021/05/26/
22 KB
22 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/2021/05/26/ibtspotlight-min.jpeg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
918a84b6c1200fe1c8f438c72eb92b0ed499c274896e2241d3bcb14bfdc1fb3c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
22667
last-modified
Wed, 26 May 2021 21:01:39 GMT
etag
"588b-5c341f2e8a6f0"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds264.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
istock-1333368370.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/v2_small/public/2022/04/08/
13 KB
13 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/v2_small/public/2022/04/08/istock-1333368370.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
87dc6e1d6c6aea1ea22cbb5d4deab9eeac40d2c9d2f27fd551b72b968dda187b
Security Headers
Name Value
Strict-Transport-Security max-age=1000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
x-geoip
US
x-cache
MISS
grace
none
x-ua-device
pc
content-length
13630
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=1000; includeSubDomains
x-hw
1649798620.cds016.fr8.hn,1649798620.cds001.fr8.c
content-type
image/jpeg
cache-control
public, max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
lorna-borenstein.jpeg
d1.spcdn.ibt.com/multiupload/2021/08/26/
85 KB
85 KB
Image
General
Full URL
https://d1.spcdn.ibt.com/multiupload/2021/08/26/lorna-borenstein.jpeg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
b3e2992d1f2544fb9ab995d215bc479084d910759b62ea5f4c8b787884c8c688

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
last-modified
Thu, 26 Aug 2021 06:56:25 GMT
server
Apache/2.4.18 (Ubuntu)
etag
"154d3-5ca70dd90fa6d"
x-hw
1649798620.cds287.fr8.hn,1649798620.cds007.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=345600
accept-ranges
bytes
content-length
87251
robert-glazer.jpeg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/square_thumbnail/public/7/profile_image/
15 KB
15 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/square_thumbnail/public/7/profile_image/robert-glazer.jpeg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
2cf773555b435d7bab830a66563feb69e680b5fc2d2a0fc4b147275b694ba142
Security Headers
Name Value
Strict-Transport-Security max-age=1000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
x-geoip
DE
x-cache
MISS
grace
none
x-ua-device
pc
content-length
15299
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=1000; includeSubDomains
x-hw
1649798620.cds016.fr8.hn,1649798620.cds015.fr8.c
content-type
image/jpeg
cache-control
public, max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
js__Gyt98BNZBp62Hdp7ubSwvRKn1TtNmpkY-X5lIrn-rnw__VVfZji-D_VzFHWjho2-OtNHEFXIgpt1awGvCFLcx49A__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/
93 KB
33 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__Gyt98BNZBp62Hdp7ubSwvRKn1TtNmpkY-X5lIrn-rnw__VVfZji-D_VzFHWjho2-OtNHEFXIgpt1awGvCFLcx49A__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
39d630dfd93b5463b82c0e08411aec3cd41b0ffb1a8fc07e8b46ca6f96021945
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
bot
content-length
33803
last-modified
Tue, 31 Aug 2021 13:11:22 GMT
etag
"1630415482"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds227.fr8.c
content-type
application/javascript
x-geoip
US
cache-control
max-age=31449600, public, no-transform, public, immutable
accept-ranges
bytes
x-cache-hits
0
js__L9T9MMhD4LjvhcuxbWhNp7dB0VOAKyD3X9nWHmhjY4Q__E-YCd_HO3bT_lM9iSiqLVO-fzD5c-3rTbipbwfZlqLA__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/
65 KB
21 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__L9T9MMhD4LjvhcuxbWhNp7dB0VOAKyD3X9nWHmhjY4Q__E-YCd_HO3bT_lM9iSiqLVO-fzD5c-3rTbipbwfZlqLA__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
daafa49c00ad71ec3477d7da2e14be1b14807f8d3178349239219e612e9dcecf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
21750
last-modified
Tue, 31 Aug 2021 13:11:21 GMT
etag
"1630415481"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds283.fr8.c
content-type
application/javascript
x-geoip
AE
cache-control
max-age=31449600, public, no-transform, public, immutable
accept-ranges
bytes
x-cache-hits
0
js__CcWIFRDSoUxnsdQz_WJ0oTQqrcb7XPj2j0oxIjRlshg__cnj50U89ayT6YVVde1Dnkyr6B7iet_a1WjaAi2M76zM__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/
77 KB
22 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__CcWIFRDSoUxnsdQz_WJ0oTQqrcb7XPj2j0oxIjRlshg__cnj50U89ayT6YVVde1Dnkyr6B7iet_a1WjaAi2M76zM__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
87106a6db13151afb9eedfc55dd216bf1d05f45164673030778e55867d382f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
22499
last-modified
Thu, 09 Sep 2021 22:29:38 GMT
etag
"1631226578"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds284.fr8.c
content-type
application/javascript
x-geoip
US
cache-control
max-age=31449600, public, no-transform, public, immutable
accept-ranges
bytes
x-cache-hits
0
js__K8ArvkXR4ILCClr7YJ4pnHFJpRuFieZm33dzKb4NAkk__TizRDfJUe6v58ZlgBKjytcGi9qGeQKc-URBlBCBasNk__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/
592 KB
160 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__K8ArvkXR4ILCClr7YJ4pnHFJpRuFieZm33dzKb4NAkk__TizRDfJUe6v58ZlgBKjytcGi9qGeQKc-URBlBCBasNk__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
8f7fb89d1e3057f044d785adec915f2bb1f6dfed2a9ae2431f4cc4e059676438
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
163179
last-modified
Thu, 16 Sep 2021 16:24:34 GMT
etag
"1631809474"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds005.fr8.c
content-type
application/javascript
x-geoip
US
cache-control
max-age=31449600, public, no-transform, public, immutable
accept-ranges
bytes
x-cache-hits
0
js__hTfUrXDx_a5QNyz8rTU7bcGGqbTJvsIbcOhPcBriQ_U__Z0nT8VOPJLWOlqE9CBC0qAPGt4UdFE3JqqgX2UEyQVY__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/
59 KB
12 KB
Script
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__hTfUrXDx_a5QNyz8rTU7bcGGqbTJvsIbcOhPcBriQ_U__Z0nT8VOPJLWOlqE9CBC0qAPGt4UdFE3JqqgX2UEyQVY__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
aa5b6cc2a93399bd2d249c3bcd11c98e5b8295daf6bedeb62064dd5d0af75a72
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
12473
last-modified
Tue, 26 Oct 2021 21:12:12 GMT
etag
"1635282732"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds211.fr8.c
content-type
application/javascript
x-geoip
CO
cache-control
max-age=31449600, public, no-transform, public, immutable
accept-ranges
bytes
x-cache-hits
0
ccpa.bundle.js
ccpa.privacymanager.io/1/
131 KB
41 KB
Script
General
Full URL
https://ccpa.privacymanager.io/1/ccpa.bundle.js
Requested by
Host: ccpa-wrapper.privacymanager.io
URL: https://ccpa-wrapper.privacymanager.io/ccpa/b048e9c3-ab54-4024-9fa6-983e6fcec56c/ccpa-liveramp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:3000:9:dc53:cc00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a6175d081940061cb96a2e8c9c90887b6f603361fe584bb053761581a36cb908

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
S55.q4LHTQasxIIGmk7UfPvyt9yqJHGy
content-encoding
gzip
etag
W/"7f5aef4d639402ac1025ddfa0b62c5d8"
age
52811
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/CCPALibrary-prod:a6c91178-f8bd-4f06-8ae8-e76e8e3a3629
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
cb289bc810fc195ae8814bb681f582bb
last-modified
Tue, 16 Nov 2021 19:24:49 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 06:43:30 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
74033cf5ad3c6b4675a2f160d9899f764650cd888b96172f921de07f527a8f56
via
1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
content-type
application/x-javascript
x-amz-cf-id
r5ZxodPpqWcLGL1bdc5W-zEjaspR9aaNlUxF55KE3MolZrDnjffQbw==
gdpr.bundle.js
gdpr.privacymanager.io/1/
136 KB
43 KB
Script
General
Full URL
https://gdpr.privacymanager.io/1/gdpr.bundle.js
Requested by
Host: gdpr-wrapper.privacymanager.io
URL: https://gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/gdpr-liveramp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:ae00:16:f82a:8600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e660409d9d38f3b0eb3f3a7a6fee086ffcc6963ef7ce1cc34c0e0914a5711e9b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
glAwAaxvc.ZjOjOIWNogJPvvcVsiZL4F
content-encoding
gzip
etag
W/"b058249a7fc2cf2f0c875f009d362924"
age
2705
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/TCFBuild-prod:8c0e5ea4-8848-401a-9cc7-ca61b76821ff
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
b1dc6e25e8260c0cdc432ece37e1d5a0
last-modified
Wed, 09 Mar 2022 10:50:36 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 20:38:37 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
c059696b69225d5ab3b863c15e081ff488d08abad942f988fe8ebc1d57d5c409
via
1.1 da6955a1993e1118f32bcb48c6630c20.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=3600
x-amz-cf-pop
FRA60-P2
content-type
application/x-javascript
x-amz-cf-id
z8Efu0ptXW6Q6-brfFwV34VTmZj3jLxuQPVZe8BxtgyXyagU6uj03g==
b
query.fqtag.com/
82 B
195 B
Script
General
Full URL
https://query.fqtag.com/b?org=8adasewre3atrefrejuj&sk=Pd8JDmKG8eZNvkNzvGBX&callback=fq_callback&p=www.ibtimes.com_article&a=article&cmp=none&cb=1649798620439&url=none&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.195.222 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.195.186.35.bc.googleusercontent.com
Software
/
Resource Hash
b896263dd16c4f5f4009a72b04489499dcd90ce9658086dcb3eb4b01409f088b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82
apstag.js
c.amazon-adsystem.com/aax2/
134 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
.7apL996dsR_ZFPBtTTtY5SRaPfBf8DJ
content-encoding
gzip
etag
4e3fad24a118a07cea7ce88b2721a583
age
797
x-cache
Hit from cloudfront
server
Server
x-amz-rid
128E1N5NDDVAQ4V6N134
date
Tue, 12 Apr 2022 21:10:27 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA56-P5
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
sBQtRVmBSZHNDjAb5_1lIqD2paFMZtV1JFFMs9vfbcxRjBnIzM6B-w==
icon_menu.svg
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/
566 B
469 B
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/icon_menu.svg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
123ff4ecb2beb9d9b5d1ebded092bbba81532fd7cad794a5574d106fbb2151e1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
347
last-modified
Tue, 31 Aug 2021 13:08:49 GMT
etag
"236-5cadaa6940d09-gzip"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds268.fr8.c
content-type
image/svg+xml
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
icon_search.svg
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/
622 B
547 B
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/icon_search.svg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
9322512e96eb29c7d82a4d55d58cb5d6886aa235c4ba1c0ebfe815240cb3ba6d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
419
last-modified
Tue, 31 Aug 2021 13:08:49 GMT
etag
"26e-5cadaa6940d09-gzip"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds232.fr8.c
content-type
image/svg+xml
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
logo-md.svg
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/
6 KB
2 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/logo-md.svg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
efa977023c6486f558af30e428480972817e39f602b5ac0307f1e64f5fad5e91
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
1560
last-modified
Thu, 16 Apr 2020 18:00:48 GMT
etag
"1766-5a36c36488787-gzip"
x-hw
1649798620.cds016.fr8.hn,1649798620.cds138.fr8.c
content-type
image/svg+xml
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
GothamNarrow-Book.woff2
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/
20 KB
20 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/GothamNarrow-Book.woff2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
d297ed5bc864561563c23526a7e616c5aa859c02eb00845dfae4439f83f09354
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
20328
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"4f68-5a06f881cc24d"
x-hw
1649798620.cds002.fr8.hn,1649798620.cds277.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
GothamNarrow-Medium.woff2
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/
20 KB
20 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/GothamNarrow-Medium.woff2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
bf8c52fac4387f2c2892a116d6cd08de6c64061e88200df7ca256b1918db8a23
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
14589
grace
none
x-cache
HIT
x-ua-device
mobile
content-length
20396
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"4fac-5a06f881ce18d"
x-hw
1649798620.cds002.fr8.hn,1649798620.cds244.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
1
Genericons.woff
s1.ibtimes.com/sites/all/themes/lemon/fonts/
14 KB
14 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/all/themes/lemon/fonts/Genericons.woff
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
13988
last-modified
Tue, 26 Jul 2016 03:18:10 GMT
etag
"36a4-52cba959d601d"
x-hw
1649798620.cds002.fr8.hn,1649798620.cds140.fr8.c
content-type
application/x-font-woff
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
GothamNarrow-Bold.woff2
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/
20 KB
20 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/GothamNarrow-Bold.woff2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
fa9d0382df6ffc1160364daa89169e6635cb1198d0ea46c5edbc483dba4f3024
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
25831
grace
none
x-cache
HIT
x-ua-device
mobile
content-length
20268
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"4f2c-56706e30d80b6"
x-hw
1649798620.cds002.fr8.hn,1649798620.cds041.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
1
GothamNarrow-Black.woff2
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/
27 KB
27 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/GothamNarrow-Black.woff2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
0bf095b71113f5dce2d2fc47d5d8ae5ead9299bfd4ef43245fcd07b5de85a2a9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
27792
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"6c90-59ce70c6d064f"
x-hw
1649798620.cds002.fr8.hn,1649798620.cds245.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
connatix.playspace.dc.js
cds.connatix.com/p/158503/ Frame CCE6
Redirect Chain
  • https://cd.connatix.com/connatix.playspace.js
  • https://cds.connatix.com/p/158503/connatix.playspace.dc.js
883 KB
205 KB
Script
General
Full URL
https://cds.connatix.com/p/158503/connatix.playspace.dc.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
20a652841cdbc369bb0ba40e1c6f6705826b2989df58b6c35385b942631e1792

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
last-modified
Mon, 11 Apr 2022 15:32:30 GMT
age
49227
etag
"61c8ce6dff07011741125bc951f1e8d5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
209840

Redirect headers

location
https://cds.connatix.com/p/158503/connatix.playspace.dc.js
date
Tue, 12 Apr 2022 21:23:40 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
getGeo
vuukle.com/
90 B
406 B
XHR
General
Full URL
https://vuukle.com/getGeo
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:1695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53f98bb0b288d162a288ce2caf8406c00c1fd474f0c73a58b5893098271621a9

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,POST,OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
access-control-max-age
86400
cf-ray
6faf06433d4e9960-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ibtimes.com.307820.es6.js
jsc.mgid.com/i/b/
327 KB
85 KB
Script
General
Full URL
https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07bcb0cc8d8e4837f96c19f8b5ea32585a406111f153fbfd3c5e79fa457960b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
cf-cache-status
HIT
age
6957
cf-polished
origSize=449229
last-modified
Wed, 06 Apr 2022 13:49:01 GMT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
2FS2PE203S2Y915A
x-amz-id-2
sUGmA3xI3DG8T/xctIhkyh5O0kedoQFQnpGIixnUFsClDD4vjKrAdZBpiwL4SNwh2TsAJFpz22Y=
cf-bgj
minify
server
cloudflare
etag
W/"7b9a3a5855ec0460e12cee08e1f1b0f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
cf-ray
6faf0642ed705bf1-FRA
expires
Wed, 13 Apr 2022 00:23:40 GMT
5154892.js
js.hs-analytics.net/analytics/1649798400000/
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1649798400000/5154892.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5154892.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bad50438d4a6ef70f91a61bb343967bb3f12863e971f6d522dc054ecca233b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
cf-cache-status
HIT
age
148
x-amz-server-side-encryption
AES256
x-amz-request-id
NP54Q6A4A0G0HX4C
x-amz-id-2
Wli9RJqs3u+JF/sDNDvGiPb7aCuSJrRdEjVrGIY8EK2qGGzWAaOWmq6RRSSMqXE3V3stCNchVtY=
last-modified
Thu, 24 Feb 2022 12:22:52 GMT
server
cloudflare
etag
W/"82eabeb3f4095c4d76740e6cb6c3b24d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-ray
6faf06434ca69b28-FRA
expires
Tue, 12 Apr 2022 21:26:12 GMT
5154892.js
js.hs-banner.com/
61 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/5154892.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/5154892.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
681306be297e72ea2d197fa951c8f9d4a9f4529fd88b14a96b26cef3125ada9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
cf-cache-status
HIT
age
197
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
Q5Y9C9P2K79RS18W
x-amz-id-2
PjhwMt619FkW/RvGFqLAMX+2jW18bIFNtqfXAg/g+zGd8cNJeIfQHxo4UxwOMxdVqa/a16xUCFQ=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 21:18:40 GMT
server
cloudflare
etag
W/"1b903dc9cf9f226fd93adb39f683650e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
cqG.12I2wwo7Q_o6kzso1hLwef5kqHil
access-control-allow-origin
https://www.ibtimes.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
6faf06433f745c26-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Tue, 12 Apr 2022 21:25:23 GMT
c
prebid.a-mo.net/a/
0
348 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ibtimes.com
date
Tue, 12 Apr 2022 21:23:40 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
446
vary
origin, Accept-Encoding
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/
560 B
745 B
XHR
General
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:20::2100 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
b22651855d24a663f57b81ad347cf67385aab5a8ee23c98e5b33fabfe12a0464

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
server
nginx
content-type
application/json
access-control-allow-origin
https://www.ibtimes.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
560
expires
0
auction
prebid-server.rubiconproject.com/openrtb2/
173 B
404 B
XHR
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.111.41 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-111-41.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
cbd4d5023330712fc2b290e91eb7d59b545f5f1f44a058b5b58eaf07fc4d5ac2

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-prebid
pbs-java/1.86.0
content-type
application/json
access-control-allow-origin
https://www.ibtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
169
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
1021 B
3 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19988&site_id=234676&zone_id=1157176%3B1157168%3B1157170%3B1157172%3B1157174&size_id=2%3B15%3B15%3B15%3B15&alt_size_ids=57%3B10%3B10%3B%3B9%2C10&rf=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&kw=androidmalware%2Cocto%2Chacking%2C&tg_i.ref=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&tg_i.page=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&tg_i.domain=ibtimes.com&tg_i.pbadslot=dfp-ad-top%3Bdfp-ad-right1%3Bdfp-ad-right2%3Bdfp-ad-right3%3Bdfp-ad-right4&tk_flint=pbjs_lite_v6.3.0&x_source.tid=0000e3b2-7011-4930-8331-81c16cc25a96%3B227dbe26-5734-4eac-b17f-483703cbe2b0%3B4e013c0d-08ec-4b6f-a9d5-a4ef5af7261c%3Bcbf117b2-3411-4fe7-b36f-e588892d6942%3Bdeefde28-b898-4528-aa98-419f516255ad&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=5&rand=0.8921467302341899
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
2966f3a32b707aca8e2f41738ea6394f6378a2721785fb718e4912317d7d53a8

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 12 Apr 2022 21:23:40 GMT
Content-Encoding
gzip
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.ibtimes.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
406
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/
52 KB
15 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
76d338ca99491f36c314e9fe400eaa2cbfa90e31865d65dfefdf45534a5d86e4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 12 Apr 2022 21:23:40 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
67045866-883c-4563-b360-cb4e8526c957
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.ibtimes.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
u.openx.net/w/1.0/
73 B
379 B
XHR
General
Full URL
https://u.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=0000e3b2-7011-4930-8331-81c16cc25a96%2C227dbe26-5734-4eac-b17f-483703cbe2b0%2C4e013c0d-08ec-4b6f-a9d5-a4ef5af7261c%2Ccbf117b2-3411-4fe7-b36f-e588892d6942%2Cdeefde28-b898-4528-aa98-419f516255ad&nocache=1649798620671&ph=c426afb7-9100-4325-a885-afed645e58b6&aus=728x90%2C970x250%7C300x250%2C300x600%7C300x250%2C300x600%7C300x250%7C300x250%2C300x600%2C160x600&divids=dfp-ad-top%2Cdfp-ad-right1%2Cdfp-ad-right2%2Cdfp-ad-right3%2Cdfp-ad-right4&aucs=dfp-ad-top%2Cdfp-ad-right1%2Cdfp-ad-right2%2Cdfp-ad-right3%2Cdfp-ad-right4&auid=540734349%2C540734343%2C540734346%2C540734347%2C540734348
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
14378a8aabe974f976f24811edeace63bcef66de85648388eb84604afcc94ca2

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.ibtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
avjp
u.openx.net/v/1.0/
106 B
173 B
XHR
General
Full URL
https://u.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=43c4a1e2-291f-4976-883b-57722444bf9f&nocache=1649798620671&ph=c426afb7-9100-4325-a885-afed645e58b6&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A640%2C%22h%22%3A360%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%2C7%2C8%5D%2C%22api%22%3A%5B2%5D%2C%22playbackmethod%22%3A%5B1%2C2%2C3%5D%2C%22delivery%22%3A%5B2%5D%2C%22maxduration%22%3A60%2C%22linearity%22%3A1%2C%22placement%22%3A1%7D%7D%5D%7D&auid=540745828&vwd=640&vht=360&aucs=video&aumfs=2000
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
via
1.1 google
server
OXGW/18.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.ibtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
tlx.3lift.com/header/
26 KB
10 KB
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=6.3.0&referrer=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&tmax=1000
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.184.69.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-184-69-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
fed1530ad405c5acbfac41806aa4a45569e0cbdc98cfb3d70475c5eaaf202675
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
accept-ch
sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.ibtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
10211
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid.json
reachms.bfmio.com/
0
218 B
XHR
General
Full URL
https://reachms.bfmio.com/bid.json?exchange_id=9950dc87-e457-40ab-84d2-0662b604390c
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.204.162.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-162-123.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ibtimes.com
date
Tue, 12 Apr 2022 21:23:40 GMT
access-control-allow-credentials
true
access-control-expose-headers
location
vary
Origin
expires
Thu, 01 Jan 1970 00:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
0

openrtb
ads.adaptv.advertising.com/rtb/
41 B
377 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=IBTimes
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.83.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-83-195.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
9c963a33a9c2cb053945df36c0368e88ae3f52d0c6770399428504f4f8a48e40

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
content-encoding
gzip
server
adaptv/1.0
content-type
text/plain
access-control-allow-origin
https://www.ibtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
61
expires
0
/
hb.emxdgt.com/
0
159 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=1000&ts=1649798620679&src=pbjs
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.101.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-101-33.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ibtimes.com
date
Tue, 12 Apr 2022 21:23:40 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
cygnus
htlb.casalemedia.com/
37 B
332 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=340178&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22596e7d59dac7214%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028%22%2C%22ref%22%3A%22https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028%22%2C%22domain%22%3A%22ibtimes.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22ibtimes.com%22%7D%2C%22keywords%22%3A%22androidmalware%2Cocto%2Chacking%2C%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A6%2C%22ren%22%3Afalse%2C%22version%22%3A%226.3.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226067ee3e5271a29%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22340178%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22340178%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2262e24a6c5ce08ef%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22340179%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22340179%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22648974b0b8c1593%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22340180%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22340180%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2266af3fe54007c06%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22340181%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%226722153016c4e76%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22340182%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22340182%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22340182%22%2C%22sid%22%3A%22160x600%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%7D%7D
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e63dbae11648adafe4c4e0e66c5fd33bbada00c55308643b55e585118e024163

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.114.215.131], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://www.ibtimes.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Tue, 12 Apr 2022 21:23:40 GMT
cygnus
htlb.casalemedia.com/
37 B
332 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=340178&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22596e7d59dac7214%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028%22%2C%22ref%22%3A%22https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028%22%2C%22domain%22%3A%22ibtimes.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22ibtimes.com%22%7D%2C%22keywords%22%3A%22androidmalware%2Cocto%2Chacking%2C%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A6%2C%22ren%22%3Afalse%2C%22version%22%3A%226.3.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2270881b443ccb49e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22441511%22%2C%22sid%22%3A%22640x360%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A5%2C%22maxduration%22%3A60%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B640%2C360%5D%5D%2C%22api%22%3A%5B2%5D%2C%22playbackmethod%22%3A%5B1%2C2%2C3%5D%2C%22delivery%22%3A%5B2%5D%2C%22linearity%22%3A1%2C%22placement%22%3A1%2C%22w%22%3A640%2C%22h%22%3A360%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%7D%7D
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e63dbae11648adafe4c4e0e66c5fd33bbada00c55308643b55e585118e024163

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.114.215.131], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://www.ibtimes.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Tue, 12 Apr 2022 21:23:40 GMT
pubads_impl_2022040701.js
securepubads.g.doubleclick.net/gpt/
368 KB
125 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067065
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
sffe /
Resource Hash
4eba10304f45a9ca7d6b3b882e564a5dd00d3900dc515fbe6137765ed0fb45a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:05:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4677
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127673
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 08:34:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 12 Apr 2023 20:05:43 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
595 B
873 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.ibtimes.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
7c11c036147d9cffca097d35be11c2411d4a043431a7dcea186ca1253266fb8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
236
x-xss-protection
0
expires
Tue, 12 Apr 2022 21:23:40 GMT
config
c.amazon-adsystem.com/cdn/prod/
0
311 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3794&u=https%3A%2F%2Fwww.ibtimes.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 17:32:16 GMT
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
server
Server
age
13883
x-cache
Hit from cloudfront
access-control-allow-origin
https://www.ibtimes.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
yKZ5ZhwXt3m7kAj6vI3Gw3twa4yH59sQb958NViS5PKjl65nNk2UfA==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
66817
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 02:50:04 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
aLhWWLyClmvObvnkHTafwJE6wQiBwS-TVyEI9D44DLEzBkvk4Svy7Q==
implement-r.js
fqtag.com/tag/
3 KB
3 KB
Script
General
Full URL
https://fqtag.com/tag/implement-r.js?org=8adasewre3atrefrejuj&p=www.ibtimes.com_article_risk_Y&a=article&cmp=none&rd=none&rt=display&sl=1&fq=1
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.72.161 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
161.72.190.35.bc.googleusercontent.com
Software
/
Resource Hash
60942e4a79890462530dfdb44eceb9bbe5f1a3ac298035118359a27a93272284
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:40 GMT
via
1.1 google
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2646
x-xss-protection
0
expires
0
cnsnt.platform.js
cdn.vuukle.com/
4 KB
2 KB
Script
General
Full URL
https://cdn.vuukle.com/cnsnt.platform.js
Requested by
Host: cdn.vuukle.com
URL: https://cdn.vuukle.com/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:1695 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62c3a4f78334221a29592245d0d3cda9fb3a850afc658bc7010682c0b723cb72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
cf-cache-status
HIT
age
1261
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 12 Apr 2022 15:01:04 GMT
server
cloudflare
etag
W/"62559430-edd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
cache-control
max-age=7200
cf-ray
6faf06439c499231-FRA
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cf-bgj
minify
vendor-list.json
gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/ Frame
0
0
Preflight
General
Full URL
https://gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/vendor-list.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:1000:11:2a6a:9480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
*
age
14979
content-length
0
date
Tue, 12 Apr 2022 17:14:02 GMT
server
AmazonS3
via
1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
x-amz-cf-id
mbgGhmBcydDAGDttWMXYpwZKoV9tLLn8oUD3MS5Z7aXnbfFGUQWyxQ==
x-amz-cf-pop
FRA56-P7
x-cache
Hit from cloudfront
/
geo.privacymanager.io/ Frame
0
0
Preflight
General
Full URL
https://geo.privacymanager.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-59.fra60.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Tue, 12 Apr 2022 21:23:40 GMT
via
1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront), 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-apigw-id
QfIaiGL-joEFvGQ=
x-amz-cf-id
KwNxbsjnNXqe-IXvILPOvu1K4ulWev8tKKfXU2KFl523HufrnQVjxQ==
x-amz-cf-pop
FRA2-C1 FRA60-P3
x-amzn-requestid
cecfb666-a2b3-499a-acce-e26871480310
x-cache
Miss from cloudfront
vendor-list.json
gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/
0
0

/
geo.privacymanager.io/
28 B
592 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: gdpr.privacymanager.io
URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-59.fra60.r.cloudfront.net
Software
/
Resource Hash
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544

Request headers

Accept
application/json
Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 12 Apr 2022 05:03:40 GMT
via
1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront), 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
age
58800
x-amzn-requestid
60a6df10-a76e-47a4-bb86-3edc7306dd9e
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6255082c-6882c80a1f063d2511913066;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P3, FRA60-P3
x-amz-apigw-id
Qc42-HYmDoEFs1A=
content-length
28
x-amz-cf-id
WivcdB6b6p7yOJO5qKh8hAo1GWHxILiSZcOrBpKMnynVzItX3qYi4w==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
/
geo.privacymanager.io/
28 B
592 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: ccpa.privacymanager.io
URL: https://ccpa.privacymanager.io/1/ccpa.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-59.fra60.r.cloudfront.net
Software
/
Resource Hash
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544

Request headers

Accept
application/json
Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 12 Apr 2022 05:03:40 GMT
via
1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront), 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
age
58800
x-amzn-requestid
60a6df10-a76e-47a4-bb86-3edc7306dd9e
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6255082c-6882c80a1f063d2511913066;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P3, FRA60-P3
x-amz-apigw-id
Qc42-HYmDoEFs1A=
content-length
28
x-amz-cf-id
om06L39Ty2JUWLDUZZtPOwoFcGp8sXe4d3-uwrIsBNo84fyTQCBcCA==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
/
geo.privacymanager.io/ Frame
0
0
Preflight
General
Full URL
https://geo.privacymanager.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-59.fra60.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Tue, 12 Apr 2022 21:23:40 GMT
via
1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront), 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-apigw-id
QfIaiGL4joEFQiA=
x-amz-cf-id
yqUfCowO_H1f6oho266FnGVbQzibxo5vvZG_E1nkoLx8CZpM4Yj9Qg==
x-amz-cf-pop
FRA2-C1 FRA60-P3
x-amzn-requestid
caaa122b-6fee-4dd1-a6d8-b726f96f0f4e
x-cache
Miss from cloudfront
pixel.js
cdn.fqtag.com/1.27.339-ccfb11a/
88 KB
88 KB
Script
General
Full URL
https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Requested by
Host: fqtag.com
URL: https://fqtag.com/tag/implement-r.js?org=8adasewre3atrefrejuj&p=www.ibtimes.com_article_risk_Y&a=article&cmp=none&rd=none&rt=display&sl=1&fq=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.36.172 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
172.36.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e70a34c5f232fa80328a361630a994cf847c54deb926f13d40be4807291b657b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:44:59 GMT
age
2321
x-guploader-uploadid
ADPycdtNgx2Eo6Etps5lsbi75gyV4ZSnWmCr13mFT94LBJolHe1Gyl56Hw7uIORFFh7fnounYPG2knZ24irmTOnDtMLuwg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
89647
last-modified
Wed, 27 Jan 2021 19:48:44 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"e0eff30579598f76147c9ea12f490d21"
x-goog-hash
crc32c=YwE4YA==, md5=4O/zBXlZj3YUfJ6hL0kNIQ==
content-language
en
x-goog-generation
1611776924905378
x-goog-expiration
Sun, 11 Nov 2294 19:48:44 GMT
x-goog-stored-content-length
89647
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 12 Apr 2022 21:44:59 GMT
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/158503/ Frame CCE6
0
47 KB
Other
General
Full URL
https://cds.connatix.com/p/158503/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
last-modified
Mon, 11 Apr 2022 15:32:30 GMT
age
50119
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
connatix.playspace.css
cds.connatix.com/p/158503/
99 KB
13 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/158503/connatix.playspace.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
874cc1315f35963fb2488576f0c83489e22edfe22f6ce355e7e87e65063bbf7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
br
last-modified
Mon, 11 Apr 2022 15:32:30 GMT
age
49227
etag
"132acf023a5a30ef72888d6e359a6663"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
13634
vendor-list.json
vendors.privacymanager.io/
769 KB
102 KB
Fetch
General
Full URL
https://vendors.privacymanager.io/vendor-list.json
Requested by
Host: gdpr.privacymanager.io
URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:1200:1b:d3ea:d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b64b337de4b21c74d0b3992dd9322d4df35591ec49b044dde8dff9cbe8452e9d

Request headers

Accept
application/json
Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

x-amz-version-id
7PjAa_lo5DyOhNfYfdqt9m.uwDuONwXZ
content-encoding
gzip
etag
W/"d29d087d3ed3591f64f56dc626dcb0bc"
age
575
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 12 Apr 2022 17:00:26 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 21:14:06 GMT
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
via
1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=3600
x-amz-cf-pop
FRA60-P3
x-amz-cf-id
97UBT8arSwtv4I18Pr53l4TSoaUl5SZ_jQ2ItAsvFCodLnBS8TktTw==
vendor-list.json
vendors.privacymanager.io/ Frame
0
0
Preflight
General
Full URL
https://vendors.privacymanager.io/vendor-list.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:1200:1b:d3ea:d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
*
age
14977
content-length
0
date
Tue, 12 Apr 2022 17:14:04 GMT
server
AmazonS3
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
via
1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
x-amz-cf-id
3AC1RAgeUvoBtNeTwQc3U9FTOZ5FbqZzBoadd_E4UjIFBFK2bI-9DA==
x-amz-cf-pop
FRA60-P3
x-cache
Hit from cloudfront
213794966
fundingchoicesmessages.google.com/i/
90 KB
32 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/213794966?ers=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067065
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
36f2c6b8e584a14a957869048f1e3c1814f7e63ef78b6b4dbadfc5fd4a75dcca
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-TmFwRnXRIfRJai3dd4FazQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-TmFwRnXRIfRJai3dd4FazQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-TmFwRnXRIfRJai3dd4FazQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-TmFwRnXRIfRJai3dd4FazQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
date
Tue, 12 Apr 2022 21:23:40 GMT
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
application/javascript; charset=utf-8
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
followbutton
adops.ibt.com/api/
20 B
320 B
XHR
General
Full URL
https://adops.ibt.com/api/followbutton?url=https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&de=desktop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.80.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-80-58.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
02c045b5a38b1e9a01bf15ab6d48d526dc60a726bf041fe32d153b4ffd71e761

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:41 GMT
server
Apache/2.4.29 (Ubuntu)
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-length
20
expires
Thu, 19 Nov 1981 08:52:00 GMT
bid
c.amazon-adsystem.com/e/dtb/
23 B
494 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3794&u=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&pid=PNMeJgcWpgG8E&cb=0&ws=1600x1200&v=7.74.0&t=2000&slots=%5B%7B%22sd%22%3A%22dfp-ad-top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right2%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right3%22%2C%22s%22%3A%5B%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22dfp-ad-right4%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%5D%7D%2C%7B%22id%22%3A%22IBT_videoSlot%22%2C%22mt%22%3A%22v%22%7D%5D&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%2C%22cmpTimeout%22%3A200%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.109.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-109-174.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
via
1.1 da9380f22ff2303fc2fd4652bf7ec7ba.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P5
x-amz-rid
77T5ZGTTWFKKER9QGNCB
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
kSPg2_Ku7kDlYTa3bXw0wGPYZQjDL7amQsUZCAxHrALJ3WgjvLmKKA==
story
capi.connatix.com/core/ Frame CCE6
5 KB
3 KB
XHR
General
Full URL
https://capi.connatix.com/core/story?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ebd64d93ca0b09134a84000f78e4bd0d0b4fe3d1e30a3c2063a0be8eb2bddf08

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
2921
/
www.ibt-mail.com/site2/ibts_fast_start/ Frame F74A
19 KB
5 KB
Document
General
Full URL
https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/view_webform_v2.js?u=t&webforms_id=Z
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
46a59812d335a0fa3971f7218d179aa6a8c692c31e1a37a676f7e5d8b89f0f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html;charset=UTF-8
Date
Tue, 12 Apr 2022 21:23:41 GMT
Feature-Policy
accelerometer *; ambient-light-sensor *; autoplay *; camera *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; speaker *; sync-xhr *; usb *; vr *
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1385739715"
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
X-XSS-Protection
1; mode=block
X-ruxit-JS-Agent
true
gr_wf_v2.css
www.ibt-mail.com/stylesheets/core/pages/webFormV2/public/
8 KB
2 KB
Stylesheet
General
Full URL
https://www.ibt-mail.com/stylesheets/core/pages/webFormV2/public/gr_wf_v2.css
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/view_webform_v2.js?u=t&webforms_id=Z
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
0c9ac233a87095c82fb409d77e1e8214461f3cffad4ddf119072b3f37caff6b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:40 GMT
Content-Encoding
gzip
Last-Modified
Sat, 26 Oct 1985 08:15:00 GMT
Server
nginx
ETag
W/"1dc09d84-1fd8"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=14400
Server-Timing
dtSInfo;desc="1"
Connection
keep-alive
Expires
Wed, 13 Apr 2022 01:23:40 GMT
records
dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/ Frame
0
0
Preflight
General
Full URL
https://dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/records
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-80.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 6851af5c4f6d355fa4ec39cc8cc0c358.cloudfront.net (CloudFront)
x-amz-apigw-id
QfIamG8OoAMF1fg=
x-amz-cf-id
lsu-Kjb4QmSh7mVOwqhWfKpQ1IcAsBeEDbcuOqT2QW5JyydGKM46fw==
x-amz-cf-pop
FRA56-P3
x-amzn-requestid
baa15b71-f704-48a7-b00c-ea8f8804e649
x-cache
Miss from cloudfront
records
dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/
110 B
471 B
Fetch
General
Full URL
https://dau-prod.launch.liveramp.com/kinesis/streams/daily-active-users-prod/records
Requested by
Host: ccpa.privacymanager.io
URL: https://ccpa.privacymanager.io/1/ccpa.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-80.fra56.r.cloudfront.net
Software
/
Resource Hash
ecf1849e7d5964d9a43da98f03ced2fe94f6fe7ffea9b3de8f5ac65c31956f48

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 6851af5c4f6d355fa4ec39cc8cc0c358.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
x-amzn-requestid
23864ff1-67a2-478b-933c-ebfd26d47922
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6255eddd-3b207cf659f9655a4cfa4d2a
x-amz-apigw-id
QfIapFObIAMF-0w=
content-length
110
x-amz-cf-id
-pNDVfKAKqJhlsY5b_TwQLp7pfD2ilTUTOf-zH88jBfqUpvRAxkO9Q==
tm-hits-widget.js
cdn.feeds.ibt.com/
4 KB
5 KB
Script
General
Full URL
https://cdn.feeds.ibt.com/tm-hits-widget.js?story_type=analysis%2Carticle%2Ccolumn%2Ceditorial%2Cinterview%2Cop_ed%2Copinion%2Cpulse%2Cslideshow%2Cblog_entry&created=1649539419&syndication=1&numbered=0&numbered2=1&placeholder_id=most_popular_widget&include_categories=0&exclude_cateids=1060003%7C26%7C1630%7C19%7C12%7C34%7C1060006%7C2%7C1059213%7C315%7C38%7C6%7C10%7C35%7C14&include_images=1&include_shares=0&limit=5&sponsor=&include_spons1=&include_spons2=&include_spons3=&site=www.ibtimes.com
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:c600:17:1429:b980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
2fa5e807560d4a8a216d98dcda836199b9fb6d565712daf652c458863ad65721
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
x-content-type-options
nosniff, nosniff
server
Apache/2.4.18 (Ubuntu)
x-amz-cf-pop
FRA56-P4
etag
"d8cdc7e88702273949b0a46667250754"
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
content-type
text/javascript; utf-8;charset=UTF-8
cache-control
public, max-age=900
x-drupal-cache
MISS
content-length
4607
x-amz-cf-id
iVC83sB2XQb5DET8uqxRML9PFToSbG8pI4LGKrkP3QsIYpAUOkKDyw==
expires
Sun, 19 Nov 1978 05:00:00 GMT
pixel
fqtag.com/
0
10 B
XHR
General
Full URL
https://fqtag.com/pixel
Requested by
Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.72.161 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
161.72.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e33ae6eea61c15f311f9ae646cb9e4b6307db2224052a0b39d5dc41ecc15cd8b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
bbZpsSHEcwdb816ZIBAiMg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Tue, 12 Apr 2022 21:32:10 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1685
x-fb-rlafr
0
x-fb-debug
OAEgLtouRYw5t/bRNgYXdS6kTlnjvkaaO2ysuyyud05Ix0lpcmP6ZIRh/jjhMTXrufEZIvY5e2XUyPkj5mRdHw==
x-fb-trip-id
917726464
x-fb-content-md5
528b33158f1dea6e84cfd720f91a3766
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Tue, 12 Apr 2022 21:23:41 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"f58fe6d8cf8879541daf9c6f41a41a2f"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
gtm.js
www.googletagmanager.com/
198 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5F22G6
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__Gyt98BNZBp62Hdp7ubSwvRKn1TtNmpkY-X5lIrn-rnw__VVfZji-D_VzFHWjho2-OtNHEFXIgpt1awGvCFLcx49A__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2feb0d57534b67637bc58ef69272d4c3d57f94191443b85345176463c81043a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
66527
x-xss-protection
0
last-modified
Tue, 12 Apr 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 12 Apr 2022 21:23:41 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/
376 KB
126 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__K8ArvkXR4ILCClr7YJ4pnHFJpRuFieZm33dzKb4NAkk__TizRDfJUe6v58ZlgBKjytcGi9qGeQKc-URBlBCBasNk__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
15377398f026b4beb337db55bf9021fb3090d44db1786fec179955ef3b14c2d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128424
x-xss-protection
0
expires
Tue, 12 Apr 2022 21:23:41 GMT
widget_iframe.c1cdceed40059a51b374bf347e6a2ae0.html
platform.twitter.com/widgets/ Frame F57A
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.c1cdceed40059a51b374bf347e6a2ae0.html?origin=https%3A%2F%2Fwww.ibtimes.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
105433
content-type
text/html; charset=utf-8
date
Tue, 12 Apr 2022 21:23:41 GMT
etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
last-modified
Thu, 07 Apr 2022 19:42:09 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-cache
HIT, HIT
x-served-by
cache-iad-kjyo7100095-IAD, cache-hhn11524-HHN
header-logo.svg
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/
7 KB
2 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/images/header-logo.svg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
784a8fabaaf06f69a98c9a16a46f62ac8aa1e68eef09cbd6d2fb442d7ebb9a6a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
mobile
content-length
2327
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"1db2-5a06f881d00ce-gzip"
x-hw
1649798621.cds016.fr8.hn,1649798621.cds161.fr8.c
content-type
image/svg+xml
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
play-list
playlist.ibtimes.com/widget/
16 KB
16 KB
XHR
General
Full URL
https://playlist.ibtimes.com/widget/play-list?nid=506964&items=7
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__Gyt98BNZBp62Hdp7ubSwvRKn1TtNmpkY-X5lIrn-rnw__VVfZji-D_VzFHWjho2-OtNHEFXIgpt1awGvCFLcx49A__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
7b870538630062086ea9ac7bbb22077e204847ad6013e8d12d1544778ab29885

Request headers

Accept
*/*
Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
server
Apache/2.4.18 (Ubuntu)
x-hw
1649798621.cds129.fr8.hn,1649798621.cds276.fr8.c
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
content-length
16508
playfairdisplay-regular-webfont.woff2
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/
31 KB
31 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/playfairdisplay-regular-webfont.woff2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
0b5735b14f45d2be0b5aa6c83855e88d323751ee3855d87aea82c81c501c0731
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
31820
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"7c4c-5a06f881d00ce"
x-hw
1649798621.cds002.fr8.hn,1649798621.cds260.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
x-geoip
US
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
track.gif
feeds.ibt.com/
35 B
284 B
Image
General
Full URL
https://feeds.ibt.com/track.gif?type=tm_hits&id=3469028&site=www.ibtimes.com&title=New+Android+Banking+Malware+Can+Take+Over+Your+Device%2C+Spread+Through+Fake+Apps&category=Technology&category_id=6&category_url=https%3A%2F%2Fwww.ibtimes.com%2Ftechnology&story_type=article&syndication=1&created=1649648393&uid=1752399&image=https%3A%2F%2Fs1.ibtimes.com%2Fsites%2Fwww.ibtimes.com%2Ffiles%2Fstyles%2Fthumbnail%2Fpublic%2F2021%2F05%2F24%2Fone-of-japans-top-dating-apps-has-warned.jpg&url=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&t=1649798621074&st=1649798620
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.160.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-160-147.compute-1.amazonaws.com
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
last-modified
Tue, 08 Jan 2019 20:06:08 GMT
server
Apache/2.4.18 (Ubuntu)
etag
"23-57ef7e047b920"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
accept-ranges
bytes
content-length
35
expires
0
8d59fc64-8d47-4ab9-ad78-17cf5e0ce2d2
https://www.ibtimes.com/
31 B
0
Other
General
Full URL
blob:https://www.ibtimes.com/8d59fc64-8d47-4ab9-ad78-17cf5e0ce2d2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
insights.bin
ins.connatix.com/dac1bb9b-6089-44e8-af28-ecbe13fbb532/09b6c69c-8897-4b49-b9ae-10970e38cfe7/ Frame CCE6
540 B
559 B
XHR
General
Full URL
https://ins.connatix.com/dac1bb9b-6089-44e8-af28-ecbe13fbb532/09b6c69c-8897-4b49-b9ae-10970e38cfe7/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8a3a9835637bc02abf5a602931cb7f0f56023bb524ddd8367f61d7922789058

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Tue, 12 Apr 2022 15:51:32 GMT
age
19821
etag
"4d722541e85e95581c5d376f71e5f64b"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
322
sr
capi-tier-1-us-east-2.connatix.com/tr/ Frame CCE6
0
316 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/sr?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.124.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-124-226.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/
83 KB
28 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
sffe /
Resource Hash
dc14eb23bfb6635cc0f3b447ad1e138b275606b9ba1d52b1845f784e6da024a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28563
x-xss-protection
0
server
sffe
etag
"1186 / 183 of 1000 / last-modified: 1649774618"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 12 Apr 2022 21:23:41 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame CCE6
376 KB
125 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
15377398f026b4beb337db55bf9021fb3090d44db1786fec179955ef3b14c2d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128424
x-xss-protection
0
expires
Tue, 12 Apr 2022 21:23:41 GMT
09b6c69c-8897-4b49-b9ae-10970e38cfe7.bin
vid.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/ Frame CCE6
2 KB
1 KB
XHR
General
Full URL
https://vid.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/09b6c69c-8897-4b49-b9ae-10970e38cfe7.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b084db932250bef32d7a16a7add7642cf727f023137cc4ca669cdf3643b3deb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Tue, 12 Apr 2022 15:49:36 GMT
age
19820
etag
"3e01925f713ded17c0050dd7b2ebe5ce"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
984
1.png
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/31e6619b-4bfe-49be-9083-d8ec2c6b8340/
22 KB
21 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/31e6619b-4bfe-49be-9083-d8ec2c6b8340/1.png
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
675c6f677b3cb70247991150c36e460ccbaf94546161828f759d11a0709c2d2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
2384546
etag
"6YGbQefqA1BXk+1uT8hMf76vaxxnFV3rHv5HJMDDGWw"
access-control-max-age
86400
fastly-io-info
ifsz=41633 idim=838x589 ifmt=png ofsz=22314 odim=838x589 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
20898
index.html
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
2 KB
1 KB
Document
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/index.html
Requested by
Host: gdpr.privacymanager.io
URL: https://gdpr.privacymanager.io/1/gdpr.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
29b7f78db08d77ff1943d06b6a5f1ebf24843b1fb8cd40da79d576101f5f0b5e

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
57145
cache-control
must-revalidate,public,max-age=604800
content-encoding
br
content-type
text/html
date
Tue, 12 Apr 2022 05:31:28 GMT
etag
W/"a9695f3941d7e7d526084ac0c78593a3"
last-modified
Wed, 09 Mar 2022 10:50:54 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
x-amz-cf-id
Xq602s-IF_aoBlMqUa2vfHD9tne15T5Mfs5ldvBVMuYI4nr-OJwlnA==
x-amz-cf-pop
FRA60-P3
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
x-amz-server-side-encryption
AES256
x-amz-version-id
rq6xq6X465RO8o05i6YcZhvfI1rBnoxy
x-cache
Hit from cloudfront
GoogleNews.png
a5b4v2r5.stackpathcdn.com/uploads/
10 KB
10 KB
Image
General
Full URL
https://a5b4v2r5.stackpathcdn.com/uploads/GoogleNews.png
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
4656f09df0d74b1c7bd89ccd8f70d3b3795b03fe98e5916368ffe62f036ad567

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
last-modified
Thu, 17 Feb 2022 23:10:07 GMT
server
Apache/2.4.29 (Ubuntu)
etag
"268f-5d83eddf76595"
x-hw
1649798621.cds002.fr8.hn,1649798621.cds266.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=7200
accept-ranges
bytes
content-length
9871
AppleNews.png
a5b4v2r5.stackpathcdn.com/uploads/
9 KB
9 KB
Image
General
Full URL
https://a5b4v2r5.stackpathcdn.com/uploads/AppleNews.png
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
f94a1d9791bb36519ed10151a31b8011f194689aa9f275a485d491e755d743ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
last-modified
Thu, 17 Feb 2022 23:09:57 GMT
server
Apache/2.4.29 (Ubuntu)
etag
"244f-5d83edd6c0d1d"
x-hw
1649798621.cds002.fr8.hn,1649798621.cds229.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=7200
accept-ranges
bytes
content-length
9295
NewsBreak.png
a5b4v2r5.stackpathcdn.com/uploads/
7 KB
8 KB
Image
General
Full URL
https://a5b4v2r5.stackpathcdn.com/uploads/NewsBreak.png
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
678925226ce923d5062fbd209e2c72f1f8c20285164ceebe69f957b965d99e90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
last-modified
Thu, 17 Feb 2022 23:10:00 GMT
server
Apache/2.4.29 (Ubuntu)
etag
"1da9-5d83edd96e60b"
x-hw
1649798621.cds002.fr8.hn,1649798621.cds273.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=4486
accept-ranges
bytes
content-length
7593
d
aux.fqtag.com/aux/
0
94 B
XHR
General
Full URL
https://aux.fqtag.com/aux/d
Requested by
Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:298e:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
5eff8cfa4b5f601334e201d0
api.pushnami.com/scripts/v1/pushnami-adv/
131 KB
26 KB
Script
General
Full URL
https://api.pushnami.com/scripts/v1/pushnami-adv/5eff8cfa4b5f601334e201d0
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-22.fra60.r.cloudfront.net
Software
/
Resource Hash
5a11f8b9530d1f1819b3815018fc1cf7f7d676ac082123cabd4c200bc5d70c76

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:13:51 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
age
589
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
no-cache
x-amz-cf-pop
FRA60-P3
content-encoding
gzip
x-amz-cf-id
wPf35QCIKuTMIZGfumVdUDJZGXQaz1qJLuy7OlIGfjy9jP3GYue-Gg==
john-demers.jpg
dc.newsweek.com/en/full/2021935/
21 KB
21 KB
Image
General
Full URL
https://dc.newsweek.com/en/full/2021935/john-demers.jpg?w=480&h=270&q=75&f=4a0a171d62819b6b94141ddc09e0a8d9
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
Apache /
Resource Hash
9902411324cce1b336828d828b76672453bfc512d2b32a4d912c4ba09e53d8cd
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
last-modified
Mon, 11 Apr 2022 03:51:59 GMT
server
Apache
x-cacheable
YES
etag
"1649649119"
strict-transport-security
max-age=86400; includeSubDomains
x-hw
1649798621.cds158.fr8.hn,1649798621.cds287.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-cahce
HIT
cache-control
max-age=3600
accept-ranges
bytes
content-length
21156
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
14bf8292ae1e1ac698da2f2155f00ab24d5eda73e0c3e1e25e368a905759283b

Request headers

Referer
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
sdk.js
connect.facebook.net/en_US/
283 KB
81 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=c06cfc2fdd872aae6a8cfac06fe93287
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b497bc9501b97fa4033afcdce1685e9a249ac7dd85a65d555996219f3f23ea35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
FWMQZbbZfSNSRfby3skcMg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Wed, 12 Apr 2023 20:09:59 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
82858
x-fb-rlafr
0
x-fb-debug
b2WUH3SbhVKP8G9852PyflrelHLV1wLp0pZaW2DLYI4Yc8yfclEAOXrYbNprkds9n1yRNIrG5dEYymfgG+aZww==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
5c88c3e2d6e053cbcb8cb0f6011a3adb
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 12 Apr 2022 21:23:41 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"22a6e7241fda54ba9ba21010bdb99b12"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
AGSKWxWNu1NnfLyLCJAYevNqI--OpOaX0cD3sXDVucHYv1R-qGHoFrxcb-XnIfV5aYe_bc2Op5MVUoqj-H0sllSGogU=
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWNu1NnfLyLCJAYevNqI--OpOaX0cD3sXDVucHYv1R-qGHoFrxcb-XnIfV5aYe_bc2Op5MVUoqj-H0sllSGogU=?pvid=2ABDFE0D-2E5B-4AF7-9049-D4AE6B8ACBC9&anonid=706142E4-3BB4-459C-8AE4-CD75841BFD19
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.f022JI12qEs.es5.O/d=1/rs=AJlcJMzzWb5Jvpb4qbPMa5jKkL4ZSKsq-w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-oIE3oasFIRM5JBAedZ+5jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-oIE3oasFIRM5JBAedZ+5jQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
https://www.ibtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorLoggingHttp"
x-frame-options
SAMEORIGIN
access-control-max-age
86400
report-to
{"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type
text/html; charset=utf-8
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy
script-src 'report-sample' 'nonce-oIE3oasFIRM5JBAedZ+5jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-oIE3oasFIRM5JBAedZ+5jQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxV7aD2SvZBaxfYmb6NpGd8SAyfVImT1D3iSJbJ3zQ60JXbepSgfYSIBCu4oET3fUdUisWQXI3bHudhX3kJ0Y-0=
fundingchoicesmessages.google.com/f/
312 KB
56 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxV7aD2SvZBaxfYmb6NpGd8SAyfVImT1D3iSJbJ3zQ60JXbepSgfYSIBCu4oET3fUdUisWQXI3bHudhX3kJ0Y-0=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQ5Nzk4NjIxLDM5ODAwMDAwMF0sIjJBQkRGRTBELTJFNUItNEFGNy05MDQ5LUQ0QUU2QjhBQ0JDOSIsIjcwNjE0MkU0LTNCQjQtNDU5Qy04QUU0LUNENzU4NDFCRkQxOSIsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL3d3dy5pYnRpbWVzLmNvbS9iZXdhcmUtbmV3LWFuZHJvaWQtYmFua2luZy1tYWx3YXJlLWNhbi10YWtlLW92ZXIteW91ci1kZXZpY2Utc3ByZWFkLXRocm91Z2gtZmFrZS1hcHBzLTM0NjkwMjgiLG51bGwsW11d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.f022JI12qEs.es5.O/d=1/rs=AJlcJMzzWb5Jvpb4qbPMa5jKkL4ZSKsq-w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
981203fbc5e29def332af5fb04b94ad8e5f7aa6f4a42fc71041e5fab5e7e358f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-5X6YYg0hrN5QylKNqohjEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-5X6YYg0hrN5QylKNqohjEg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
script-src 'report-sample' 'nonce-5X6YYg0hrN5QylKNqohjEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-5X6YYg0hrN5QylKNqohjEg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options
SAMEORIGIN
date
Tue, 12 Apr 2022 21:23:41 GMT
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to
{"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type
application/javascript; charset=utf-8
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
settings
syndication.twitter.com/ Frame F57A
243 B
456 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=2f2e1ed91fbc13255698c15e832b152d824c9bcc
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.c1cdceed40059a51b374bf347e6a2ae0.html?origin=https%3A%2F%2Fwww.ibtimes.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
16681d2db4a981cc18f92c35241cf94cf76fa588f3e6c64126fbdc927c776fdb
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
106
date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
last-modified
Tue, 12 Apr 2022 21:23:41 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
e60c4b67f5f7b717a7b6536b722863ba6b01414f7a3bb910826a60f64b2e2bec
content-length
174
gru-russia-1538666099.m3u8
video.newsweek.com/transcoder/720hls/2534/
452 B
751 B
XHR
General
Full URL
https://video.newsweek.com/transcoder/720hls/2534/gru-russia-1538666099.m3u8
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__K8ArvkXR4ILCClr7YJ4pnHFJpRuFieZm33dzKb4NAkk__TizRDfJUe6v58ZlgBKjytcGi9qGeQKc-URBlBCBasNk__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2704a9ed1c5c19792cd904b747a6fd9d6aa0da0d2ae57531adad20666468e80f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
last-modified
Thu, 03 Dec 2020 13:30:34 GMT
server
AmazonS3
x-amz-request-id
WG9C51AS47C90MV3
etag
"2ba8700155e8d4fec4ecbc64d67085c7"
x-hw
1649798621.cds253.fr8.hn,1649798621.cds229.fr8.c
content-type
application/x-mpegURL
access-control-allow-origin
*
cache-control
max-age=2469841
accept-ranges
bytes
content-length
452
x-amz-id-2
+3dSWmkThUGMwJwbjRZTHnDXmJ6FG/366zu7BBYWpIw5XWBF4kCxv1y/G+jXwh4Dyf6k3wT7J3Q=
ruxitagentjs_ICA27QVfgjqrux_10237220328075400.js
www.ibt-mail.com/ Frame F74A
327 KB
119 KB
Script
General
Full URL
https://www.ibt-mail.com/ruxitagentjs_ICA27QVfgjqrux_10237220328075400.js
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
5de3fca87819121a6e01c096f05541696a0b71ed66e6755c1af798b80181e570

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:41 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
Server
nginx
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, max-age=31536000, immutable
Connection
keep-alive
Content-Length
121212
Expires
Wed, 12 Apr 2023 21:23:41 GMT
webforms_show_styles.9476b9eb2898975c0303.css
us-as.gr-cdn.com//javascripts/core/webforms/dist/ Frame F74A
28 KB
7 KB
Stylesheet
General
Full URL
https://us-as.gr-cdn.com//javascripts/core/webforms/dist/webforms_show_styles.9476b9eb2898975c0303.css
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
cc24fa24141812141e3862a2322934369461fef452d303cb79b922b1a2b670c5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
W/"1dc09d84-6e8a"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798621.dop234.fr8.t,1649798621.cds247.fr8.hn,1649798621.cds056.fr8.c
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
6652
manifest.35779c62dedb17e0486d.js
us-as.gr-cdn.com//javascripts/core/webforms/dist/ Frame F74A
1 KB
976 B
Script
General
Full URL
https://us-as.gr-cdn.com//javascripts/core/webforms/dist/manifest.35779c62dedb17e0486d.js
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
791995af533e2ac5bd3bfeb9344684013d5cd30b77bb86f35c64517a210346ea
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
W/"1dc09d84-5f4"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798621.dop234.fr8.t,1649798621.cds247.fr8.hn,1649798621.cds260.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
744
webforms_entry.chunk.88825abbaf24f26299d7.js
us-as.gr-cdn.com//javascripts/core/webforms/dist/ Frame F74A
32 KB
10 KB
Script
General
Full URL
https://us-as.gr-cdn.com//javascripts/core/webforms/dist/webforms_entry.chunk.88825abbaf24f26299d7.js
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
1739f970cb33878df9ccb80f19f3bc861a3498a8e48694563f07f01a67bc63f2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
W/"1dc09d84-7edb"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798621.dop234.fr8.t,1649798621.cds247.fr8.hn,1649798621.cds145.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
10132
show_webform_shared.chunk.e51c6b112972dd577bf9.js
us-as.gr-cdn.com//javascripts/core/webforms/dist/ Frame F74A
288 KB
86 KB
Script
General
Full URL
https://us-as.gr-cdn.com//javascripts/core/webforms/dist/show_webform_shared.chunk.e51c6b112972dd577bf9.js
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
d081fa6efbc795a2e616a72a97c8573b05485da894a1164ebbc3b8dce3d0c811
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
W/"1dc09d84-47f3c"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798621.dop234.fr8.t,1649798621.cds247.fr8.hn,1649798621.cds245.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public
server-timing
dtSInfo;desc="1"
accept-ranges
bytes
content-length
87876
show.chunk.687c11980651d69638fc.js
us-as.gr-cdn.com//javascripts/core/webforms/dist/ Frame F74A
747 B
541 B
Script
General
Full URL
https://us-as.gr-cdn.com//javascripts/core/webforms/dist/show.chunk.687c11980651d69638fc.js
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
7000a28fe2a5e49e7a2966feaa44c0858d9627ac2cb4f9c7b2fe966cda1e4149
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
"1dc09d84-2eb"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798621.dop234.fr8.t,1649798621.cds247.fr8.hn,1649798621.cds051.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
415
ao
capi-tier-1-us-east-2.connatix.com/tr/ Frame CCE6
0
316 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/ao?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.124.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-124-226.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:40 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame CCE6
880 B
725 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.124.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-124-226.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e427df3488f9dcd7746135443309a83d1c21cce883931f4cd10a0c46a8409a4c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
428
ps
capi-tier-1-us-east-2.connatix.com/tr/ Frame CCE6
0
316 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/ps?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.124.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-124-226.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
f1d333ab-1b4f-43c4-9e85-84c23b54d6c2.jpg
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/
23 KB
23 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/f1d333ab-1b4f-43c4-9e85-84c23b54d6c2.jpg?crop=580:398,smart&width=580&height=398&format=jpeg&quality=60&fit=crop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1ab4d11e4be1262265f4b25e1de3c40be59cd957a43bf290860b27cc8896eecc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
20009
etag
"I+Q+nzYWuSrzVr79aPUOlRIjrV40rTt1cD8TL5X8GlY"
access-control-max-age
86400
fastly-io-info
ifsz=114672 idim=1200x800 ifmt=jpeg ofsz=23688 odim=580x398 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
23290
bridge3.510.0_en.html
imasdk.googleapis.com/js/core/ Frame 4A0C
631 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f4ab73fcb25dfeb952f72dfba4b5bb1e58256b96b745936b9fe4d50e032287e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
353940
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209820
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 08 Apr 2022 19:04:41 GMT
expires
Sat, 08 Apr 2023 19:04:41 GMT
last-modified
Fri, 08 Apr 2022 19:01:15 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 12 Apr 2022 21:23:41 GMT
ffa02b2d-8878-4a5e-afaf-3c45f9f63046
https://www.ibtimes.com/
5 KB
0
Other
General
Full URL
blob:https://www.ibtimes.com/ffa02b2d-8878-4a5e-afaf-3c45f9f63046
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f32bd9fcaec4e8368737ae90d1c161c3cf144d1f4ff1249fa68b3d9669ebcb1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
5394
Content-Type
application/javascript
js
www.googletagmanager.com/gtag/
178 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YGVZJQK0TD&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F22G6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
810dc8f22bec624a718f95172b324c8704f63668451997e74eb2a86a8e4e9d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
66757
x-xss-protection
0
expires
Tue, 12 Apr 2022 21:23:41 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F22G6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6531
date
Tue, 12 Apr 2022 19:34:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 12 Apr 2022 21:34:50 GMT
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5F22G6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 19 Apr 2022 21:23:41 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=7922264&ns__t=1649798621540&ns_c=UTF-8&c8=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%2...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1649798621540&ns_c=UTF-8&c8=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%...
0
190 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=7922264&ns__t=1649798621540&ns_c=UTF-8&c8=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&c7=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&c9=
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Server
13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-72.fra60.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
kHow8UDty_4dyFzVDuJVdzsgypvNBrJGB3tMxaIWAcV8do8-A-DsRQ==
x-cache
Miss from cloudfront

Redirect headers

location
/b2?c1=2&c2=7922264&ns__t=1649798621540&ns_c=UTF-8&c8=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&c7=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&c9=
date
Tue, 12 Apr 2022 21:23:41 GMT
via
1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
content-length
0
x-amz-cf-id
XjviSJl1jsjWna2mjzaPB5K6GmyVl3ccfetomNHnve3SNowFNboFbg==
x-cache
Miss from cloudfront
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/
90 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: cdn.feeds.ibt.com
URL: https://cdn.feeds.ibt.com/tm-hits-widget.js?story_type=analysis%2Carticle%2Ccolumn%2Ceditorial%2Cinterview%2Cop_ed%2Copinion%2Cpulse%2Cslideshow%2Cblog_entry&created=1649539419&syndication=1&numbered=0&numbered2=1&placeholder_id=most_popular_widget&include_categories=0&exclude_cateids=1060003%7C26%7C1630%7C19%7C12%7C34%7C1060006%7C2%7C1059213%7C315%7C38%7C6%7C10%7C35%7C14&include_images=1&include_shares=0&limit=5&sponsor=&include_spons1=&include_spons2=&include_spons3=&site=www.ibtimes.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 16:51:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
189159
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33018
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 10 Apr 2023 16:51:02 GMT
styles.css
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
90 KB
10 KB
Stylesheet
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/styles.css
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5fd811628575c59ea4501cbacd7fee7ffcb6eac53994664438bf006142eb0e0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
nEwlM.._Qi8qJMLWmPBYBhvbM4GMYxFT
content-encoding
br
etag
W/"cd863c459ddfca7fa3dde02a0bfde5fb"
age
57145
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:51:08 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:28 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
text/css
x-amz-cf-id
sAwp1CdWBQ0uIhSm23wYqVz8yUerfdmPzGrcG3RBx2vF_FVTEbhxRw==
openSans.css
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
28 KB
3 KB
Stylesheet
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
107c3c8d58a4b471627bcbdb06e10ec2cbd670a02c29458fea8383c1f9d7ddb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
nq96Ub70k4tMBdapDSXCFXhK3YpGXf5S
content-encoding
br
etag
W/"c23188cdd4f3dbe2a39713eb6d0950da"
age
57145
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:50:49 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:28 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
text/css
x-amz-cf-id
UzfLIQS6fqNx5nJ-HWxZXcWul1JBVSOfcmQ26FzUnbzt6re8w3EjDw==
runtime.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
3 KB
2 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1357132a872bc3c79a758f8ee6bd845da8dd085917d3948fd9ea7eb5cbc8228d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
DVBk35MVilOkLxT1sOXWJnaJlBmWtHrm
content-encoding
br
etag
W/"a03d9881b932cb6ea8403f3d8fee84f2"
age
57144
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:51:06 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:28 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
bEcn4TFzDlgfzOK0ArFHDcKWQUUIXBL5IqnQq4_jQRl6Us4nFe5NaA==
polyfills.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
36 KB
13 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/polyfills.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50166cea7ed05f882dff7f3496d076e8bc9defb23b487d64d6d4a7c21c325d1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
U0FwliXRt76U5BXqiXUu4GWP3WWWFrCD
content-encoding
br
etag
W/"ebe9ec655a6443501377c61b7e89be52"
age
548295
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:50:38 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 13:37:47 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
gRK-AxRocv8utQWyNuabRpwcHnH9Btv2lyCpSnZBiXEKE9wN9O2dQA==
vendor.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
612 KB
166 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/vendor.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
10d30e26ef1c7a25e4714259f231c7db8993fe4583537a2be5a3b1749443b726

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
O99orZ_K2zx9fV4oTGPkd_TdwuCmK7zT
content-encoding
br
etag
W/"1e4853cd005029266b8a4a0bb471e3ee"
age
134375
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:51:10 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 13:37:47 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
1BfXjfjRMcxLPqZAJEiUsjfwJPAYATKqox7zOpaDWPy7MuxiAH42WQ==
main.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
35 KB
10 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/main.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f136cd1a769c6d3253135282bd06d378a2a65edf1296e7cd163d2ab40f630669

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
cp4WajBCryseSu7oY_DEyaOZVEPy6gs3
content-encoding
br
etag
W/"c7334ef61e184b879473415b97fef525"
age
57144
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:51:04 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:42 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
iM3WVSH5taH3aoJ2bNWkm2kMThMbFSr2tFmUyTnlUplVy2E_5p3Yzg==
f1d333ab-1b4f-43c4-9e85-84c23b54d6c2.jpg
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/
19 KB
19 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/f1d333ab-1b4f-43c4-9e85-84c23b54d6c2.jpg?crop=580:326,smart&width=580&height=326&format=jpeg&quality=60&fit=crop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
019f05708e749d4e94812ea968da61d6a52d6241bc6c78d316a10c0b03a03ed7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
20009
etag
"iXSTmWsEsuIFbTYWF+UfmvmYNQiUBIUkrGmnaGpLmiE"
access-control-max-age
86400
fastly-io-info
ifsz=114672 idim=1200x800 ifmt=jpeg ofsz=19910 odim=580x326 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
19550
adaded73-e612-4555-8b16-d0df38b8c50c.jpg
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/
22 KB
22 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/adaded73-e612-4555-8b16-d0df38b8c50c.jpg?crop=580:326,smart&width=580&height=326&format=jpeg&quality=60&fit=crop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2fc6cce5268baeaf4891ef55f9ebd047990b725fe6a1099f0e808a828e2eb1b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
20009
etag
"ev8D+mVaJhOf+CLhvvccbm6O4knxfTJ7QnQYWnMv5b8"
access-control-max-age
86400
fastly-io-info
ifsz=53964 idim=768x506 ifmt=jpeg ofsz=22349 odim=580x326 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
21956
6726afcb-a268-4ba9-856f-61af00bffa19.jpg
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/
14 KB
13 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/6726afcb-a268-4ba9-856f-61af00bffa19.jpg?crop=580:326,smart&width=580&height=326&format=jpeg&quality=60&fit=crop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c3184a200c88a30957164c2f12e9a5c36d699ff017dd3a96ee595a7c9fa2ce36

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
20009
etag
"qUt7vWFUu4p3o8QBFDxAEIQ1PywC2r/jdx6CkAON+h8"
access-control-max-age
86400
fastly-io-info
ifsz=86130 idim=1200x675 ifmt=jpeg ofsz=14643 odim=580x326 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
13558
c672d383-026e-40b1-8cf9-a89bee41c30a.jpg
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/
33 KB
32 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/c672d383-026e-40b1-8cf9-a89bee41c30a.jpg?crop=580:326,smart&width=580&height=326&format=jpeg&quality=60&fit=crop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d778e7946d2bbda5e7d0491e71c705c6f5cd3b78928d52da622bf78e52f501ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
20009
etag
"sFgCE4mlL43SFkF3YN5TcvosIlGeL/ANuv0FZeMgQ0c"
access-control-max-age
86400
fastly-io-info
ifsz=81737 idim=768x512 ifmt=jpeg ofsz=33292 odim=580x326 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
32896
238130a6-3e2a-4647-a2fe-a2b08a8fa997.jpg
img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/
29 KB
29 KB
Image
General
Full URL
https://img.connatix.com/pid-31e6619b-4bfe-49be-9083-d8ec2c6b8340/dac1bb9b-6089-44e8-af28-ecbe13fbb532/238130a6-3e2a-4647-a2fe-a2b08a8fa997.jpg?crop=580:326,smart&width=580&height=326&format=jpeg&quality=60&fit=crop
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0cdc7a6a8980c7dfa197efddb5be3d5c5d5d7ea90f4cbc5136ad9c2a618b1307

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
br
age
20009
etag
"PJ9RF0L/LjYbRYAqDZR+MQQIfbWq3qhVX0iMgJx61A4"
access-control-max-age
86400
fastly-io-info
ifsz=71845 idim=768x512 ifmt=jpeg ofsz=29531 odim=580x326 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
29123
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 390E
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1512
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 12 Apr 2022 21:58:29 GMT
defaultTheme.css
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
0
6 KB
Other
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/defaultTheme.css
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
D9TDM3Fp7Hkuq6ctdAxR3NewvgFHeJX8
content-encoding
br
etag
W/"50acd4ebe93d23ec3ecd7464ebf645e4"
age
57144
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:50:54 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:28 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
text/css
x-amz-cf-id
zcQ9K-w2Yg2iJmnMugRkvstP2XfCF2Y7x7Dp7jTl5bLMER4LdezcEw==
runtime.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
3 KB
2 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1357132a872bc3c79a758f8ee6bd845da8dd085917d3948fd9ea7eb5cbc8228d

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
DVBk35MVilOkLxT1sOXWJnaJlBmWtHrm
content-encoding
br
etag
W/"a03d9881b932cb6ea8403f3d8fee84f2"
age
57144
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:51:06 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:28 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
KeKGvV5Iw6n7aAeDFWn0vLTTd_jAf0NAbQjkeKxuEv6a2N9xuqNDQw==
polyfills.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
36 KB
13 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/polyfills.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50166cea7ed05f882dff7f3496d076e8bc9defb23b487d64d6d4a7c21c325d1a

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
U0FwliXRt76U5BXqiXUu4GWP3WWWFrCD
content-encoding
br
etag
W/"ebe9ec655a6443501377c61b7e89be52"
age
548295
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:50:38 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 13:37:47 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
NfEUzZWAGWGihhidF-338omEr4fsZs9SLSG7QIyz1KE08sLddGLljg==
vendor.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
612 KB
166 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/vendor.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
10d30e26ef1c7a25e4714259f231c7db8993fe4583537a2be5a3b1749443b726

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
O99orZ_K2zx9fV4oTGPkd_TdwuCmK7zT
content-encoding
br
etag
W/"1e4853cd005029266b8a4a0bb471e3ee"
age
134375
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:51:10 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 13:37:47 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
-ntO1Bfw6dxl0N08K-vm5ewe5ytYsGBTRFLRUuqpJy_GWrRY4INoxw==
main.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
35 KB
10 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/main.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f136cd1a769c6d3253135282bd06d378a2a65edf1296e7cd163d2ab40f630669

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
cp4WajBCryseSu7oY_DEyaOZVEPy6gs3
content-encoding
br
etag
W/"c7334ef61e184b879473415b97fef525"
age
57144
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:51:04 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:42 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
maS39ME727hx9PWxtVFIREeGv_BKiZDH_YPMJZPbybygfh2PEjvDUg==
bridge3.510.0_en.html
imasdk.googleapis.com/js/core/ Frame 131E
631 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f4ab73fcb25dfeb952f72dfba4b5bb1e58256b96b745936b9fe4d50e032287e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
353940
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209820
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 08 Apr 2022 19:04:41 GMT
expires
Sat, 08 Apr 2023 19:04:41 GMT
last-modified
Fri, 08 Apr 2022 19:01:15 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame CCE6
44 KB
16 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 12 Apr 2022 21:23:41 GMT
bridge3.510.0_en.html
imasdk.googleapis.com/js/core/ Frame BCE0
631 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f4ab73fcb25dfeb952f72dfba4b5bb1e58256b96b745936b9fe4d50e032287e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
353940
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209820
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 08 Apr 2022 19:04:41 GMT
expires
Sat, 08 Apr 2023 19:04:41 GMT
last-modified
Fri, 08 Apr 2022 19:01:15 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.510.0_en.html
imasdk.googleapis.com/js/core/ Frame BF5D
631 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f4ab73fcb25dfeb952f72dfba4b5bb1e58256b96b745936b9fe4d50e032287e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
353940
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209820
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 08 Apr 2022 19:04:41 GMT
expires
Sat, 08 Apr 2023 19:04:41 GMT
last-modified
Fri, 08 Apr 2022 19:01:15 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CDE8
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1512
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 12 Apr 2022 21:58:29 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame FEE3
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1512
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 12 Apr 2022 21:58:29 GMT
d8dea3ae-8cb9-4d1a-b6d6-c5b504b03bfb
https://www.ibtimes.com/
63 KB
0
Other
General
Full URL
blob:https://www.ibtimes.com/d8dea3ae-8cb9-4d1a-b6d6-c5b504b03bfb
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d07c544e1b669eebe21e2f13a72ba82541729fbb4aa73ad7869f801337fbb6c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
64899
Content-Type
application/javascript
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 526F
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:58:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1512
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 12 Apr 2022 21:58:29 GMT
gru-russia-153866609900000.ts
video.newsweek.com/transcoder/720hls/2534/
3 MB
3 MB
XHR
General
Full URL
https://video.newsweek.com/transcoder/720hls/2534/gru-russia-153866609900000.ts
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/www.ibtimes.com/files/advagg_js/js__K8ArvkXR4ILCClr7YJ4pnHFJpRuFieZm33dzKb4NAkk__TizRDfJUe6v58ZlgBKjytcGi9qGeQKc-URBlBCBasNk__BLfDMTfdyIpy-VJFGDnAh4bOQZnbFz8z57imDSXIqUw.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
941117ed94deb9222493706c86a1cfc7a4951cbb781c0d5f5be40580c3c4a4bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
last-modified
Thu, 03 Dec 2020 13:30:34 GMT
server
AmazonS3
x-amz-request-id
KZWNFDX3G400NX38
etag
"78a2e941c3b085f0e706110afc136e04"
x-hw
1649798621.cds253.fr8.hn,1649798621.cds002.fr8.c
content-type
video/MP2T
access-control-allow-origin
*
cache-control
max-age=5184000
accept-ranges
bytes
content-length
3518796
x-amz-id-2
4WTEVgn7veXAF64z0KCIGJHLA4qA6F1u4IQUcmvdhxErgJYUPQDbLGhUi1F/YK9LU54hmrHg5BE=
service-worker.js
www.ibtimes.com/ Frame
0
0

track
trc.pushnami.com/api/push/
2 B
168 B
Fetch
General
Full URL
https://trc.pushnami.com/api/push/track
Requested by
Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5eff8cfa4b5f601334e201d0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.95.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-95-29.compute-1.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept
application/json, text/plain, */*
Referer
https://www.ibtimes.com/
key
5eff8cfa4b5f601334e201d0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Tue, 12 Apr 2022 21:23:42 GMT
cache-control
no-cache
content-type
text/html; charset=utf-8
content-length
2
access-control-expose-headers
WWW-Authenticate,Server-Authorization
track
trc.pushnami.com/api/push/ Frame
0
0
Preflight
General
Full URL
https://trc.pushnami.com/api/push/track
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.95.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-95-29.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
key
Access-Control-Request-Method
POST
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers
Accept,Authorization,Content-Type,If-None-Match,key
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
WWW-Authenticate,Server-Authorization
access-control-max-age
86400
cache-control
no-cache
date
Tue, 12 Apr 2022 21:23:42 GMT
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
884 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:56:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1609
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 12 Apr 2022 21:56:52 GMT
an-msf-team-tended-to-patients-on-a.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2022/04/11/
5 KB
5 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2022/04/11/an-msf-team-tended-to-patients-on-a.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
99c01c002792415ba2c95b17273d071fa587187b9dcc911d90250dbceeaa05b3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
4662
last-modified
Mon, 11 Apr 2022 06:32:36 GMT
etag
"1236-5dc5b1c2b6069"
x-hw
1649798621.cds016.fr8.hn,1649798621.cds164.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
CA
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
the-logo-of-robinhood-markets-inc-is-seen.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2022/03/22/
3 KB
3 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2022/03/22/the-logo-of-robinhood-markets-inc-is-seen.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
00e9f1a26819b43143335a11089cf49bf2c424c60bef794531acb39962564750
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
2737
last-modified
Tue, 22 Mar 2022 13:20:12 GMT
etag
"ab1-5dace790afd00"
x-hw
1649798621.cds016.fr8.hn,1649798621.cds243.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
DE
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
foreign-minister-pekka-haavisto-has-acknowledged-that-russia.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2022/04/09/
4 KB
4 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2022/04/09/foreign-minister-pekka-haavisto-has-acknowledged-that-russia.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
fa577574b0cd25df383cb7a48bcc59a3638d1e89d4673c46ccfcc00fb942ebd2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
3831
last-modified
Sun, 10 Apr 2022 03:41:40 GMT
etag
"ef7-5dc449b0a0df3"
x-hw
1649798621.cds016.fr8.hn,1649798621.cds055.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
AT
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
nicola-peltz.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2014/07/20/
3 KB
3 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2014/07/20/nicola-peltz.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
7c38e8bd46038371165e08f610481dc073a386b25dd1f21fea6e77ff7b6a0c2a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
3060
last-modified
Fri, 11 Feb 2022 21:01:01 GMT
etag
"bf4-5d7c45d427512"
x-hw
1649798621.cds016.fr8.hn,1649798621.cds101.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
NL
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
gettyimages-491847034.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2017/05/17/
4 KB
4 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/thumbnail/public/2017/05/17/gettyimages-491847034.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
d16ba0d13fdc745f5f7ee4e22908cb3e39cdaffb0ae4e345f4ab8e9a9f79f7b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
3681
last-modified
Sun, 27 Feb 2022 23:54:40 GMT
etag
"e61-5d908a7b725cd"
x-hw
1649798621.cds016.fr8.hn,1649798621.cds212.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
DE
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-YGVZJQK0TD&gtm=2oe460&_p=1384500090&_z=ccd.NIB&cid=1536796330.1649798622&ul=en-us&sr=1600x1200&_s=1&sid=1649798621&sct=1&seg=0&dl=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&dt=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YGVZJQK0TD&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:41 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ibtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rules-p-9FHQa04zD0f9Y.js
rules.quantcount.com/
2 B
354 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-9FHQa04zD0f9Y.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:8e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:04:56 GMT
via
1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
server
AmazonS3
age
1125
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA56-P2
content-length
2
x-amz-cf-id
lS4JcTkPBNH3OrSfoC__zHmnwTcn0DlonU_lOPDNd15zMazgt69FfA==
GothamNarrow-Light.woff2
s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/
20 KB
20 KB
Font
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/themes/us_ibtimes/fonts/GothamNarrow-Light.woff2
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
66fac9123cbd9a55edc7720629d1442277db52c4a3e3d2f42854905e52022c8c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:41 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
bot
content-length
20496
last-modified
Mon, 09 Mar 2020 17:42:48 GMT
etag
"5010-56c0e692334d2"
x-hw
1649798621.cds002.fr8.hn,1649798621.cds220.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
x-geoip
FR
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame CCE6
0
316 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.124.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-124-226.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
p
aux.fqtag.com/aux/
0
10 B
XHR
General
Full URL
https://aux.fqtag.com/aux/p
Requested by
Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:298e:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 12 Apr 2022 21:23:42 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
847.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
56 KB
12 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/847.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
20cd836805a1c2f92e21cf84debb5bacdb357fc8297f630322de3f0cfe7d20cf

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
mAqEowXJerhLrRlwkpQb5n_GY3ZkPsqd
content-encoding
br
etag
W/"51f43cc73e936820c1997bae69b728dd"
age
134375
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:50:45 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 13:37:49 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
QUHr64CdAbc78V0EVNchNW3bgdTBt4YsQb-iR2o9dPXVYvFx1ZaOpg==
650.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
22 KB
6 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/650.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0c6ebceae3d1722e6da4ce408acb406787f11df1e1fb8696f33c5481e9b4b6f

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/index.html
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
LDASX0_Xuk1_3OFzq26Kvp.F4Ebpa4Fm
content-encoding
br
etag
W/"f89cc2f22747329f2049f159f363a2db"
age
478171
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:51:09 GMT
server
AmazonS3
date
Thu, 07 Apr 2022 08:34:12 GMT
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
xm3gMS7AXdPB3sD22Oh0AaY6rN9qRddhfLKs-dQ44TnRbnk-qnHqQA==
get_file_from_url.html
www.ibt-mail.com/ Frame F74A
113 KB
5 KB
Stylesheet
General
Full URL
https://www.ibt-mail.com/get_file_from_url.html?url=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DArvo%3A400%2C400i%2C700%2C700i%3Alatin%7CRoboto%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i%2C900%2C900i%3Alatin%2Clatin-ext%7CRoboto%2BSlab%3A100%2C300%2C400%2C700%3Alatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cvietnamese%2Cgreek%2Cgreek-ext%7CRoboto%2BCondensed%3A300%2C300i%2C400%2C400i%2C700%2C700i%3Alatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cvietnamese%2Cgreek%2Cgreek-ext%7CGrand%2BHotel%3A400%3Alatin%2Clatin-ext%7CMonoton%3A400%3Alatin%7CHanalei%3A400%3Alatin%2Clatin-ext%7CLobster%3A400%3Alatin%2Clatin-ext%2Ccyrillic%2Cvietnamese%7CLobster%2BTwo%3A400%2C400i%2C700%2C700i%3Alatin%7CChanga%2BOne%3A400%2C400i%3Alatin%2Clatin-ext%7CSpecial%2BElite%3A400%3Alatin%7CChewy%3A400%3Alatin%7CLuckiest%2BGuy%3A400%3Alatin%7CFredoka%2BOne%3A400%3Alatin%7CFugaz%2BOne%3A400%3Alatin%7CSansita%2BOne%3A400%3Alatin%7CPacifico%3A400%3Alatin%7CMerienda%2BOne%3A400%3Alatin%7CLato%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C700%2C700i%2C900%2C900i%3Alatin%2Clatin-ext%7CSource%2BSans%2BPro%3A200%2C200i%2C300%2C300i%2C400%2C400i%2C600%2C600i%2C700%2C700i%2C900%2C900i%3Alatin%2Clatin-ext%2Cvietnamese%7CAmatic%2BSC%3A400%2C700%3Alatin%2Clatin-ext%7CArchivo%2BBlack%3A400%3Alatin%2Clatin-ext%7CAlfa%2BSlab%2BOne%3A400%3Alatin%7CBad%2BScript%3A400%3Alatin%2Ccyrillic%7CBevan%3A400%3Alatin%7CCabin%3A400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%3Alatin%7CCrete%2BRound%3A400%2C400i%3Alatin%2Clatin-ext%7CDosis%3A200%2C300%2C400%2C500%2C600%2C700%2C800%3Alatin%2Clatin-ext
Requested by
Host: us-as.gr-cdn.com
URL: https://us-as.gr-cdn.com//javascripts/core/webforms/dist/show_webform_shared.chunk.e51c6b112972dd577bf9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
df14c80e02d3503b16a34ca1b805c81375a3fd491de3c5fb2683f08f63441f45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:42 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
Content-Type
text/css; charset=utf-8
X-XSS-Protection
1; mode=block
Connection
keep-alive
Feature-Policy
accelerometer *; ambient-light-sensor *; autoplay *; camera *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; speaker *; sync-xhr *; usb *; vr *
Server-Timing
dtSInfo;desc="1"
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
get_file_from_url.html
www.ibt-mail.com/ Frame F74A
112 KB
5 KB
Stylesheet
General
Full URL
https://www.ibt-mail.com/get_file_from_url.html?url=https%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DDancing%2BScript%3A400%2C700%3Alatin%7CDroid%2BSans%3A400%2C700%3Alatin%7COpen%2BSans%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C700%2C700i%2C800%2C800i%3Alatin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cvietnamese%2Cgreek%2Cgreek-ext%7COswald%3A300%2C400%2C700%3Alatin%2Clatin-ext%7CRaleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%3Alatin%7CGlegoo%3A400%2C700%3Alatin%2Clatin-ext%2Cdevanagari%7CGreat%2BVibes%3A400%3Alatin%2Clatin-ext%7CTenor%2BSans%3A400%3Alatin%2Clatin-ext%2Ccyrillic%7CTitillium%2BWeb%3A200%2C200i%2C300%2C300i%2C400%2C400i%2C600%2C600i%2C700%2C700i%2C900%3Alatin%2Clatin-ext%7CLora%3A400%2C400i%2C700%2C700i%3Alatin%2Clatin-ext%2Ccyrillic%7CAmaranth%3A400%2C400i%2C700%2C700i%3Alatin%2Clatin-ext%7COregano%3A400%2C400i%3Alatin%2Clatin-ext%7CQuicksand%3A300%2C400%2C700%3Alatin%7CExo%2B2%3A100%2C100i%2C200%2C200i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C900%2C900i%3Alatin%2Clatin-ext%2Ccyrillic%7CEnglebert%3A400%3Alatin%2Clatin-ext%7CGabriela%3A400%3Alatin%2Clatin-ext%7CYesteryear%3A400%3Alatin%7CJulius%2BSans%2BOne%3A400%3Alatin%2Clatin-ext%7CNeuton%3A200%2C300%2C400%2C400i%2C700%2C800%3Alatin%2Clatin-ext%7CNunito%3A300%2C400%2C700%3Alatin%7CMedula%2BOne%3A400%3Alatin%7CVarela%3A400%3Alatin%2Clatin-ext%7CPT%2BSans%3A400%2C400i%2C700%2C700i%3Alatin%2Ccyrillic%2Ccyrillic-ext%7CWalter%2BTurncoat%3A400%3Alatin
Requested by
Host: us-as.gr-cdn.com
URL: https://us-as.gr-cdn.com//javascripts/core/webforms/dist/show_webform_shared.chunk.e51c6b112972dd577bf9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
aced550859f4c5b7c0ecb52de56f234156136d4563ea0a53e3eaacecb49801c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:42 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx
X-Frame-Options
sameorigin
Content-Type
text/css; charset=utf-8
X-XSS-Protection
1; mode=block
Connection
keep-alive
Feature-Policy
accelerometer *; ambient-light-sensor *; autoplay *; camera *; encrypted-media *; fullscreen *; geolocation *; gyroscope *; magnetometer *; microphone *; midi *; payment *; picture-in-picture *; speaker *; sync-xhr *; usb *; vr *
Server-Timing
dtSInfo;desc="1"
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
webforms_show_styles.9476b9eb2898975c0303.css
us-as.gr-cdn.com//javascripts/core/webforms/dist/ Frame F74A
28 KB
7 KB
Stylesheet
General
Full URL
https://us-as.gr-cdn.com//javascripts/core/webforms/dist/webforms_show_styles.9476b9eb2898975c0303.css
Requested by
Host: us-as.gr-cdn.com
URL: https://us-as.gr-cdn.com//javascripts/core/webforms/dist/show_webform_shared.chunk.e51c6b112972dd577bf9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
cc24fa24141812141e3862a2322934369461fef452d303cb79b922b1a2b670c5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
gzip
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
W/"1dc09d84-6e8a"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798622.dop234.fr8.t,1649798622.cds247.fr8.hn,1649798622.cds056.fr8.c
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public
accept-ranges
bytes
content-length
6652
style.css
www.ibt-mail.com/images/common/templates/webform/109/5/ Frame F74A
5 KB
2 KB
Stylesheet
General
Full URL
https://www.ibt-mail.com/images/common/templates/webform/109/5/style.css
Requested by
Host: us-as.gr-cdn.com
URL: https://us-as.gr-cdn.com//javascripts/core/webforms/dist/show_webform_shared.chunk.e51c6b112972dd577bf9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
5cce7c7f0dc31900c8320d0028cc0730d57d1b76a4a50fc831c8103eb0f3b558

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:42 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Mar 2022 18:54:16 GMT
Server
nginx
ETag
W/"623383d8-1363"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=86400
Server-Timing
dtSInfo;desc="1"
Connection
keep-alive
Expires
Wed, 13 Apr 2022 21:23:42 GMT
5e373759-92af-4c48-953e-059c7db110ca.png
multimedia.ibt-mail.com/ibt-B/photos/ Frame F74A
14 KB
14 KB
Image
General
Full URL
https://multimedia.ibt-mail.com/ibt-B/photos/5e373759-92af-4c48-953e-059c7db110ca.png
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
38adabd09019884f9d25b4251048d2e510374f6cd996dd5a19f118b4414f8c52
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
x-unique-id
978B5673:E34E_68A04040:01BB_60AFB556_237D857:47A2
last-modified
Tue, 04 May 2021 06:11:59 GMT
x-amz-request-id
917738R5K0E6TN2M
etag
"e483ef493d91c7d82b1aa4234befbc75"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798622.dop235.fr8.t,1649798622.cds207.fr8.hn,1649798622.cds276.fr8.c
content-type
image/png
cache-control
max-age=3865336
content-length
14317
accept-ranges
bytes
x-amz-version-id
K1zePmV90zPbuAxjYk0WBZd2.8rQ8MEU
x-amz-id-2
fQaFnc/MF+l4B0cI4OVHWgRszCIXdZXxsg0do2BptApFbVZ77MbDk+1s0YlNMd7sA9j5+6kDMag=
6849b256-5e6a-441c-9dca-0fc11e52f0c5.jpg
multimedia.ibt-mail.com/ibt-B/photos/ Frame F74A
2 MB
2 MB
Image
General
Full URL
https://multimedia.ibt-mail.com/ibt-B/photos/6849b256-5e6a-441c-9dca-0fc11e52f0c5.jpg
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
084b4c07759cbb44f702d52816a773e8c562a6a287bc177a011519a852af4bb0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
x-unique-id
978B5609:4026_68A04040:01BB_60AFB556_2848581:47A1
last-modified
Tue, 04 May 2021 06:12:38 GMT
x-amz-request-id
9174YWHWWNJ7JAAB
etag
"70a21c6e956e58702d2ae6ada39c76c1"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798622.dop235.fr8.t,1649798622.cds207.fr8.hn,1649798622.cds207.fr8.c
content-type
image/jpeg
cache-control
max-age=3865336
content-length
2067940
accept-ranges
bytes
x-amz-version-id
.liRMQ.JWD3Wv..pnY7bDoUpWyBBrtE6
x-amz-id-2
88eNS+Cwq5wLONBkvpQ0Y1tqcKeRNakW1WaqjZrnPaGNU5tmJs5O1SG0IPa5UhPH4XtipJWXRAc=
collect
stats.g.doubleclick.net/j/
4 B
442 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-5652780-46&cid=1536796330.1649798622&jid=486138277&gjid=2098018582&_gid=879295986.1649798622&_u=aGBAgEAjAAAAAE~&z=713462423
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 12 Apr 2022 21:23:42 GMT
content-type
text/plain
access-control-allow-origin
https://www.ibtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1384500090&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&ul=en-us&de=UTF-8&dt=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAj~&jid=486138277&gjid=2098018582&cid=1536796330.1649798622&tid=UA-5652780-46&_gid=879295986.1649798622&gtm=2wg4605F22G6&cd1=Nica%20Osorio&cd2=technology&cd3=IBTimes&cd4=us&cd5=en&cd6=article&cd7=3469028&cd8=20220410&cd9=202204&cd10=us.ibtimes%2Ftechnology%2Farticles&cd12=No&cd13=N&cd14=Y&cd15=Y&cd17=Business%2CInvesting%2CTechnology%2CConsumer%20Electronics&cd18=related&cd19=web&cd20=13&cd21=5&cd22=article&cd23=web&cd26=Y&cd27=nonpromoted&z=1852048189
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 14:43:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
24031
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
defaultTheme.css
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
32 KB
6 KB
Stylesheet
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/defaultTheme.css
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1eae565e7f4ae4b87e5ffb96bf72fb3a58e4aeb73e73a00a5368c8cfe308aa2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
D9TDM3Fp7Hkuq6ctdAxR3NewvgFHeJX8
content-encoding
br
etag
W/"50acd4ebe93d23ec3ecd7464ebf645e4"
age
57145
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:50:54 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:28 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
text/css
x-amz-cf-id
vSgfZNRQVndw_lXQz5tBSxai6MvOlVIlnGxbaqLt0V1w-tlTwO7khw==
605.js
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
122 KB
22 KB
Script
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/605.js
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/runtime.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1e8eb3143ae508bca0b46d3cc70e57d78c9c19b8b535a40498bad308428c65fb

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
ytYbwVg9e702Iq3_SjaqDASMV9yowkPM
content-encoding
br
etag
W/"e072d3bb1e9ad89785f59ff83ebb6e60"
age
170319
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
access-control-allow-origin
*
last-modified
Wed, 09 Mar 2022 10:50:46 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 13:37:50 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
application/x-javascript
x-amz-cf-id
g8wJWuZa5QYIEVJdgl5jAMwOxcuJ9pa6-QONG3eTIv9gijTr-FEzuQ==
open-sans-latin-400-normal.woff2
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
16 KB
17 KB
Font
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/open-sans-latin-400-normal.woff2
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
JCDZodgMXoqFyevU.JBvCSRC7fpIH6ln
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
etag
"d65113b6da7ba4bd0a59dbda5a7e24d4"
age
548295
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
content-length
16692
last-modified
Wed, 09 Mar 2022 10:50:43 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 08:13:49 GMT
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/octet-stream
x-amz-cf-id
b7lgErRY7JgCtEMtN8BzKoQ86ANWNVOdQOGtyl4oQLWnYnjmxmQVAQ==
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-5652780-46&cid=1536796330.1649798622&jid=486138277&_u=aGBAgEAjAAAAAE~&z=134862271
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-5652780-46&cid=1536796330.1649798622&jid=486138277&_u=aGBAgEAjAAAAAE~&z=134862271
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pm-logo-dark.svg
cmp-consent-tool.privacymanager.io/latest/assets/icons/ Frame 58F0
7 KB
3 KB
Image
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/assets/icons/pm-logo-dark.svg
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dc424321de67dfef7aef1c8b7a97f8e8f82b5f97913e63174fa5d0d33deaf6b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cmp-consent-tool.privacymanager.io/latest/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
_zRXt6aGxkAc53hVZrAkFDSyUkV3PC0u
content-encoding
br
etag
W/"55a8a06f2ee98e101314f22866aad41a"
age
75042
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
last-modified
Wed, 09 Mar 2022 10:50:37 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 00:49:24 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
content-type
image/svg+xml
x-amz-cf-id
1Hx1R_Kx5uxBJatgcwkK1lWPIAhwlXtmc7-pWtcqR9yJA1G9Rh8GJA==
icon-chevron-left.svg
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
441 B
1 KB
Image
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/icon-chevron-left.svg
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d0c64b5cb663056b6295f677fb794d23ae3999112515beecb7c6703723f493a

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/styles.css
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
Jt4SlNX3o4WR8xI9Ju0ifKXhWhrKA72F
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
etag
"e2760515a843a0256b4b810489b5426b"
age
548295
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
content-length
441
last-modified
Wed, 09 Mar 2022 10:50:46 GMT
server
AmazonS3
date
Sat, 09 Apr 2022 21:46:53 GMT
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
access-control-allow-origin
*
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
image/svg+xml
x-amz-cf-id
gJc-tf0ufOWucIEO9OlkdgKaW60lexBSKyCD6u7DgSnWffPtTwpR9A==
open-sans-latin-700-normal.woff2
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
16 KB
17 KB
Font
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/open-sans-latin-700-normal.woff2
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a61d67250a5c36640e22099937af31613e68d6134439d5d4329efea0372aea79

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
KAHXUzMU6h71EUcQnrPMH09_qONDSZgu
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
etag
"875ba54801f7cf83ea70abf613fab665"
age
182118
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
content-length
16408
last-modified
Wed, 09 Mar 2022 10:50:59 GMT
server
AmazonS3
date
Sun, 10 Apr 2022 18:48:25 GMT
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/octet-stream
x-amz-cf-id
2j8lFoIXYI5ku-wDqbV5ZqmfNtO0GglESEo4s0N2_Av6Yqv-GbTI0Q==
open-sans-latin-600-normal.woff2
cmp-consent-tool.privacymanager.io/latest/ Frame 58F0
16 KB
17 KB
Font
General
Full URL
https://cmp-consent-tool.privacymanager.io/latest/open-sans-latin-600-normal.woff2
Requested by
Host: cmp-consent-tool.privacymanager.io
URL: https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-101.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
578ea33c3a1daec87277cd626647c55f3e0abd72c0673cde0fe40d4fb8fd5579

Request headers

Referer
https://cmp-consent-tool.privacymanager.io/latest/openSans.css
Origin
https://cmp-consent-tool.privacymanager.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
vR1DSkSEKbb4uMkLPpCqAo83MOz3lgPB
via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
etag
"1f577b061e6e464e2c949faee6518469"
age
57144
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/GlobalCmpConsentTool-prod:417e39bd-029e-41e8-a838-7a23ded44720
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
058e673791501a5e5fb3f26f6ba37243
content-length
16712
last-modified
Wed, 09 Mar 2022 10:50:48 GMT
server
AmazonS3
date
Tue, 12 Apr 2022 05:31:44 GMT
access-control-allow-methods
GET
x-amz-meta-codebuild-content-sha256
3cbbe80bb7efaffc7ec0f7e868b65262b416ddfd69ae29c9404a4ea9befbd85c
access-control-allow-origin
*
cache-control
must-revalidate,public,max-age=604800
x-amz-cf-pop
FRA60-P3
accept-ranges
bytes
content-type
application/octet-stream
x-amz-cf-id
pxdLIkJYjadCAbzX7UxjhPD6Dbmz2b0dGEh9oGxnTW-DoqTD3mw73g==
5154892.js
js-na1.hs-scripts.com/
964 B
644 B
Script
General
Full URL
https://js-na1.hs-scripts.com/5154892.js
Requested by
Host: js.hs-analytics.net
URL: https://js.hs-analytics.net/analytics/1649798400000/5154892.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0dd5b008e83d57829b76f5baa598a6f07c80978ca0b77c48fc1a9fa9c24a30e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 12 Apr 2022 21:21:55 GMT
server
cloudflare
x-hubspot-correlation-id
2318a6d7-8cdb-4b2b-8326-26257fa1a637
x-trace
2B16136FDF2A36F26FD0BB7759750BDDF30E9B4704000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.ibtimes.com
access-control-max-age
3600
cache-control
public, max-age=30
access-control-allow-credentials
true
cf-ray
6faf064e98b291e4-FRA
__ptq.gif
track.hubspot.com/
45 B
966 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=5154892&rcu=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&pu=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&t=Beware%3A+New+Android+Banking+Malware+Can+Take+Over+Your+Device%2C+Spread+Through+Fake+Apps&cts=1649798622480&vi=68694392c8b10528d94223211fc87fa0&nc=true&u=190406516.68694392c8b10528d94223211fc87fa0.1649798622477.1649798622477.1649798622477.1&b=190406516.1.1649798622477&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
44c6e909-0c82-4729-b703-ba381846cdb9
cf-ray
6faf064edb8d915f-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DdFrx6muaeghccAFC6SvKsrIxkiQFSjqZn8m4pJ59Of%2FZgxwr%2FtH6cy6i0vKzJY17Z3fxPme9oc4U4qSkXBTTTLFdwShycTx%2F3bEixuMcjCtTXt4wHF%2FBtMIqBX%2Bef2kHfI2J8RpmOSzrSaZ2BxE"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
chartbeat.js
static.chartbeat.com/js/
36 KB
14 KB
Script
General
Full URL
https://static.chartbeat.com/js/chartbeat.js
Requested by
Host: www.ibtimes.com
URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:1600:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:26:34 GMT
content-encoding
gzip
last-modified
Thu, 10 Mar 2022 04:15:35 GMT
server
nginx
age
3428
etag
W/"62297b67-8e96"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 e9101023ffbe04130b9d4cac0cf9eebc.cloudfront.net (CloudFront)
cache-control
max-age=7200
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA56-P2
x-amz-cf-id
LL7hTi8zO4YGSpiSCyUhi9eL1adWtXCdw7jeKxIElZ8dk5bF9DbiyA==
expires
Tue, 12 Apr 2022 22:26:34 GMT
hub
api.pushnami.com/scripts/v1/ Frame 6369
2 KB
1 KB
Document
General
Full URL
https://api.pushnami.com/scripts/v1/hub
Requested by
Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5eff8cfa4b5f601334e201d0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-22.fra60.r.cloudfront.net
Software
/
Resource Hash
2843128d287da3614565182de89a84deb0e43fd049be6a4ed4d3a682bdd186c4
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' *
X-Content-Security-Policy default-src 'unsafe-inline' *

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
X-Requested-With
access-control-allow-methods
GET,PUT,POST,DELETE
access-control-allow-origin
*
age
505
cache-control
no-cache
content-encoding
gzip
content-security-policy
default-src 'unsafe-inline' *
content-type
text/html; charset=utf-8
date
Tue, 12 Apr 2022 21:15:17 GMT
vary
accept-encoding
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
x-amz-cf-id
G8z5RP2IwSV6OQiItU4QzJUwesnJYWAh6wXbKM_raIYSpdi4b0ocQw==
x-amz-cf-pop
FRA60-P3
x-cache
Hit from cloudfront
x-content-security-policy
default-src 'unsafe-inline' *
x-webkit-csp
default-src 'unsafe-inline' *
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/7922264/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
349 B
Script
General
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-72.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:14:51 GMT
via
1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
etag
"d41d8cd98f00b204e9800998ecf8427e"
last-modified
Mon, 01 Mar 2021 20:42:20 GMT
server
AmazonS3
age
532
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
FRA60-P1
accept-ranges
bytes
content-length
0
x-amz-cf-id
_TiedhL--4a_Lqdgy8lePxRfOVjtL4ZxR2Pff-f-1sDyRrc2C2DPTg==

Redirect headers

location
/internal-c2/default/cs.js
date
Tue, 12 Apr 2022 21:23:42 GMT
via
1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
content-length
0
x-amz-cf-id
ftMAYOBUgeIAIROxe-CrIQiY4A4yiPJhsF1-F1RNxws8ntROCscM5w==
x-cache
Miss from cloudfront
psp
psp.pushnami.com/api/
2 B
223 B
Fetch
General
Full URL
https://psp.pushnami.com/api/psp
Requested by
Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5eff8cfa4b5f601334e201d0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.53.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-53-19.compute-1.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept
application/json, text/plain, */*
Referer
https://www.ibtimes.com/
key
5eff8cfa4b5f601334e201d0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://www.ibtimes.com
date
Tue, 12 Apr 2022 21:23:42 GMT
cache-control
no-cache
access-control-allow-credentials
true
content-encoding
gzip
vary
accept-encoding
content-type
text/html; charset=utf-8
psp
psp.pushnami.com/api/ Frame
0
0
Preflight
General
Full URL
https://psp.pushnami.com/api/psp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.53.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-53-19.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
key
Access-Control-Request-Method
POST
Origin
https://www.ibtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
key
access-control-allow-methods
POST
access-control-allow-origin
https://www.ibtimes.com
access-control-expose-headers
content-type, content-length, etag
access-control-max-age
600
cache-control
no-cache
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 12 Apr 2022 21:23:42 GMT
vary
accept-encoding
ping
ping.chartbeat.net/
43 B
201 B
Image
General
Full URL
https://ping.chartbeat.net/ping?h=ibtimes.com&p=%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&u=C-ccjOMXQshDMNpVJ&d=ibtimes.com&g=23870&g0=technology&g1=Nica%20Osorio&n=1&f=00001&c=0&x=0&m=0&y=4885&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=3704&t=eoXiFCff9UoBFhFxtB3yf2pzO3Ha&V=129&i=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&tz=0&sn=1&sv=_f7eOBK2_-mD8VZxpBg560pD8Np3D&sd=1&im=067b2ff0&_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.153.152.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-153-152-203.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:42 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
43
expires
0
one-of-japans-top-dating-apps-has-warned.jpg
s1.ibtimes.com/sites/www.ibtimes.com/files/styles/embed/public/2021/05/24/
59 KB
59 KB
Image
General
Full URL
https://s1.ibtimes.com/sites/www.ibtimes.com/files/styles/embed/public/2021/05/24/one-of-japans-top-dating-apps-has-warned.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
/
Resource Hash
097b011d68299f6d50339c44cc0a17d1fcc134d6d2a40235601fe1778e6d202d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
x-content-type-options
nosniff
age
0
grace
none
x-cache
MISS
x-ua-device
pc
content-length
60251
last-modified
Mon, 24 May 2021 09:04:15 GMT
etag
"eb5b-5c30fb197f125"
x-hw
1649798622.cds016.fr8.hn,1649798622.cds013.fr8.c
content-type
image/jpeg
access-control-allow-origin
*
x-geoip
OTHER
cache-control
max-age=1209600, public
accept-ranges
bytes
x-cache-hits
0
css
fonts.googleapis.com/
21 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8dfc0ae8ecca5b8d31b22274afd2d694f14a18cdaaaeae1808c51fd6f4abe91d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 12 Apr 2022 20:19:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 12 Apr 2022 21:23:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Apr 2022 21:23:42 GMT
css
fonts.googleapis.com/
3 KB
700 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d402b35e6e0d996cc57dfb1f40a87b672f1eb4dfe0744da6d9c40b0d26592815
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 12 Apr 2022 20:09:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 12 Apr 2022 21:23:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 12 Apr 2022 21:23:42 GMT
/
c.mgid.com/pv/
0
44 B
Script
General
Full URL
https://c.mgid.com/pv/?tcfV2=1&tcfV1=1&pv=5&cbuster=1649798622668120079438&ogtitle=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&childs=725222,863739,947807,1086935&consentData=&gdprApplies=0&uspString=1---&lct=1649203200&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&lu=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&sessionId=6255eddf-0ccf6&pageView=1&pvid=1801fa92dcc915c0164&site=48526&implVersion=11&dpr=1
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6faf064fcde15bf1-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 17:56:19 GMT
x-content-type-options
nosniff
age
530843
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 06 Apr 2023 17:56:19 GMT
mgid_ua.svg
cdn.mgid.com/images/mgid/
2 KB
1 KB
Image
General
Full URL
https://cdn.mgid.com/images/mgid/mgid_ua.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
HIT
age
4200
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
FG3990ZGHWERAW28
x-amz-id-2
ht/HtSBJKSQOrGLlvZuaYqF6dJxITEY6JGRVTTiETq6SKu/tmGxMNYvDT2MzuZYZIs4qbDqnGZk=
last-modified
Tue, 08 Mar 2022 17:05:01 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag
W/"617c205137825561208ef7c1a2d8f319"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
6faf06500e4c5bf1-FRA
expires
Wed, 13 Apr 2022 21:23:42 GMT
Adchoices.svg
cdn.mgid.com/images/logos/
836 B
812 B
Image
General
Full URL
https://cdn.mgid.com/images/logos/Adchoices.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
HIT
age
5195
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
FG38KV8M26FJED0H
x-amz-id-2
l3mAmuVjrUpypqS5VMdKU9TSK4C8/XeNHrmQdJJY1qaVIia26ovBa8AH+EEpwEVsS3UTtkQfoiM=
last-modified
Wed, 17 Feb 2021 18:15:53 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag
W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
6faf06500e4f5bf1-FRA
expires
Wed, 13 Apr 2022 21:23:42 GMT
1
servicer.mgid.com/307820/
13 KB
5 KB
Script
General
Full URL
https://servicer.mgid.com/307820/1?tcfV2=1&tcfV1=1&pv=5&cbuster=164979862276513002088&ogtitle=Beware%3A%20New%20Android%20Banking%20Malware%20Can%20Take%20Over%20Your%20Device%2C%20Spread%20Through%20Fake%20Apps&childs=725222,863739,947807,1086935&consentData=&gdprApplies=0&uspString=1---&lct=1649203200&niet=4g&nisd=false&jsv=es6&w=736&h=1641&maxw_7=364&maxh_7=273&cols=3&ref=&cxurl=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&lu=https%3A%2F%2Fwww.ibtimes.com%2Fbeware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028&sessionId=6255eddf-0ccf6&pageView=1&pvid=1801fa92dcc915c0164&implVersion=11&dpr=1
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9d7d0e061ae3023822a600968cde900d60152657ea74b019df26af149087325

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cf-ray
6faf06506eed5bf1-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
mgid_ua.svg
cdn.mgid.com/images/mgid/
2 KB
1 KB
Image
General
Full URL
https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
HIT
age
6215
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
FG34RV4K6FMDV6G1
x-amz-id-2
tEFXSmgkprG5Jw7iBcEcrDj5Gfr2Arr7AwwbY8NJ5BDjB4bRL9nehzAWxlrhvKW6ZW8KK7LheRI=
last-modified
Tue, 08 Mar 2022 17:05:01 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag
W/"617c205137825561208ef7c1a2d8f319"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
6faf0650ba459177-FRA
expires
Wed, 13 Apr 2022 21:23:42 GMT
Adchoices.svg
cdn.mgid.com/images/logos/
836 B
1 KB
Image
General
Full URL
https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
HIT
age
51
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
FG3F0R94819AK0XK
x-amz-id-2
7EhZ7v77SUBqZG4SmP3QHGaUmQNEvQoqbc8skzEQkltu7S81gkYpZZr/vAozukpnbKgCzFi8C08=
last-modified
Wed, 17 Feb 2021 18:15:53 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag
W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
6faf0650ba479177-FRA
expires
Wed, 13 Apr 2022 21:23:42 GMT
aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMTAtMTEvMTAxOTI0LzJiNTlhYjQ1M2I3YTIxYjI3YTQwZGZlYWZhNTUxYWQ4LmpwZWc_dD0xNTA3NzM0ODcwMjM4.webp
s-img.mgid.com/g/8193510/492x277/0x0x753x502/
10 KB
10 KB
Image
General
Full URL
https://s-img.mgid.com/g/8193510/492x277/0x0x753x502/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMTAtMTEvMTAxOTI0LzJiNTlhYjQ1M2I3YTIxYjI3YTQwZGZlYWZhNTUxYWQ4LmpwZWc_dD0xNTA3NzM0ODcwMjM4.webp?v=1649798622-jwoETOPzPbSAAznNFNV2HzQ4zjO-sZiRpf2xuHifvT0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
867493575e175ffdce3a0172a462b531d435110624943a7da44fdd747711eeaf

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:53:13 GMT
x-mg-request-uuid
a410c1eb-5953-42de-afab-ea0a7a16d3e8
age
736590
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d426913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9994
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2Y0NWRiNzdiOTEzYjUyNjA0YzM3MDU2ZDIyOTgxYjUyLmpwZw.webp
s-img.mgid.com/g/4045276/492x277/0x51x564x376/
23 KB
23 KB
Image
General
Full URL
https://s-img.mgid.com/g/4045276/492x277/0x51x564x376/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDgvMTAxOTI0L2Y0NWRiNzdiOTEzYjUyNjA0YzM3MDU2ZDIyOTgxYjUyLmpwZw.webp?v=1649798622-9nr0Rvtl4PUlLsLwIly4VSpDL6_5yKnfIkX-vkA8vWg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6914a7893a64c33816f496cffa3d40d7b3d89784e70271f402707de20f942c04

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:57:16 GMT
x-mg-request-uuid
46801de8-4715-4774-b56e-c420b78a7295
age
736585
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d456913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
23508
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMS8xMDE5MjQvMTAzMDlkZDk3NTc5YjI1M...
s-img.mgid.com/g/12581145/492x277/-/
12 KB
13 KB
Image
General
Full URL
https://s-img.mgid.com/g/12581145/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMS8xMDE5MjQvMTAzMDlkZDk3NTc5YjI1MzZjMGFmMDJhMGUzNGU0ZTYuanBlZw.webp?v=1649798622-92iHfxqyFz_SaTOKLtHpXfUlsvdWJeFALAyeHXgFWa4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc2e767c9d854b6bf59882d330d8454447932686f80a884ee31d5306bac3d8b0

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Tue, 29 Mar 2022 09:36:17 GMT
x-mg-request-uuid
3d10d980-8f95-4ff3-917e-dedbcf66567a
age
736596
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d4b6913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12504
server
cloudflare
aHR0cHM6Ly9zMS5pYnRpbWVzLmNvbS9zaXRlcy93d3cuaWJ0aW1lcy5jb20vZmlsZXMvc3R5bGVzL2Z1bGwvcHVibGljLzIwMjIvMDQvMTIvYXQtbGVhc3QtMTMtcGVvcGxlLXdlcmUtaW5qdXJlZC1pbi1hLmpwZw.webp
s-img.mgid.com/l/53115/492x277/-/
25 KB
25 KB
Image
General
Full URL
https://s-img.mgid.com/l/53115/492x277/-/aHR0cHM6Ly9zMS5pYnRpbWVzLmNvbS9zaXRlcy93d3cuaWJ0aW1lcy5jb20vZmlsZXMvc3R5bGVzL2Z1bGwvcHVibGljLzIwMjIvMDQvMTIvYXQtbGVhc3QtMTMtcGVvcGxlLXdlcmUtaW5qdXJlZC1pbi1hLmpwZw.webp?v=1649798622-InQ5IuM3BjDIky7KoANItmXNMZZHVO7IuQSpy8HhsHI
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cabdf7a3caf9045ff0a09627a16f22a04a82c5b6ed632f51571867762b0f8445

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Tue, 12 Apr 2022 20:54:09 GMT
x-mg-request-uuid
8726ce22-2551-4cf5-9f92-b93a578addf2
age
1772
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d4d6913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
25218
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0LzBhZTA3NTNmNDk2MTc4OTFlNWQ0YTU4OTU5ZWFjMDI3LmpwZWc.webp
s-img.mgid.com/g/3885446/492x277/114x0x846x564/
9 KB
10 KB
Image
General
Full URL
https://s-img.mgid.com/g/3885446/492x277/114x0x846x564/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0LzBhZTA3NTNmNDk2MTc4OTFlNWQ0YTU4OTU5ZWFjMDI3LmpwZWc.webp?v=1649798622-YLsdcQwq5BhabcynJPkACkP6I6xzAmSBDw5qehtCynM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df4c43b9c88f5faab598e24d7573dc3b735e6084f8e605470e349b3f50f8bad3

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:56:27 GMT
x-mg-request-uuid
26897ab2-ef9e-4f25-8d32-b36de15fb68a
age
736614
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d4e6913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9574
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0LzBmNjE3MzQxMmZiMDJiOTMzMDdlYTVmMWJhMGMyZTExLnBuZz90PTE0OTgxNjEyNzI1NjE.webp
s-img.mgid.com/g/3805499/492x277/2x0x595x396/
14 KB
14 KB
Image
General
Full URL
https://s-img.mgid.com/g/3805499/492x277/2x0x595x396/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0LzBmNjE3MzQxMmZiMDJiOTMzMDdlYTVmMWJhMGMyZTExLnBuZz90PTE0OTgxNjEyNzI1NjE.webp?v=1649798622-S2YHX-n8ZuIBeOhuaPBUgayFkrKq6iKC9KNVi7XAU54
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
719550f20344313c9f32f4fc6d9c4dee7ddf147eb9f8c9b75a32f9a024dba1da

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:57:35 GMT
x-mg-request-uuid
0a7e6cd0-d666-47d7-b385-5172e79db074
age
736591
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d4f6913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14080
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMC8xMDE5MjQvN2ZiN2IwYjgwZmQyM2QwY...
s-img.mgid.com/g/11533294/492x277/-/
29 KB
29 KB
Image
General
Full URL
https://s-img.mgid.com/g/11533294/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMC8xMDE5MjQvN2ZiN2IwYjgwZmQyM2QwYjI5MTVhYTEyMDcxZjE1MGUuanBlZw.webp?v=1649798622-sbaLsm57-s79DlcztpCsI-ekTHesK9E4MAHYTLrYRIo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3daaf850d14257687481c74f61386ff5e2bb7cc33bb46d92abfb1c69ade4057

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Dec 2021 12:24:04 GMT
x-mg-request-uuid
fcfad099-8341-4984-8512-c0822b496dbb
age
736587
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d576913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29206
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0L2VhZWMxNzA1NjlkMDVhYzdhZjZkMjRkNDZlMWIyMDNjLmpwZWc.webp
s-img.mgid.com/g/3959819/492x277/0x86x1024x682/
8 KB
8 KB
Image
General
Full URL
https://s-img.mgid.com/g/3959819/492x277/0x86x1024x682/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMDcvMTAxOTI0L2VhZWMxNzA1NjlkMDVhYzdhZjZkMjRkNDZlMWIyMDNjLmpwZWc.webp?v=1649798622-JHs3yBPCBdKc3HXZxZyvsi3cKERiLW-pc99555f-igs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fbe550b77ee74326c037ac840193315da6af2ccd701865af574ee9194271486

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 16:00:15 GMT
x-mg-request-uuid
2a61c1cf-b752-4675-8d5c-1c6d63425d22
age
736575
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06510d586913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7886
server
cloudflare
aHR0cHM6Ly9zMS5pYnRpbWVzLmNvbS9zaXRlcy93d3cuaWJ0aW1lcy5jb20vZmlsZXMvc3R5bGVzL2Z1bGwvcHVibGljLzIwMjIvMDIvMTIvd2l0aC1oaXMtc25vd3ktd2hpdGUtaGFpci1hbmQtcm91bmQtZ2xhc3Nlcy5qcGc.webp
s-img.mgid.com/l/53115/492x277/-/
7 KB
7 KB
Image
General
Full URL
https://s-img.mgid.com/l/53115/492x277/-/aHR0cHM6Ly9zMS5pYnRpbWVzLmNvbS9zaXRlcy93d3cuaWJ0aW1lcy5jb20vZmlsZXMvc3R5bGVzL2Z1bGwvcHVibGljLzIwMjIvMDIvMTIvd2l0aC1oaXMtc25vd3ktd2hpdGUtaGFpci1hbmQtcm91bmQtZ2xhc3Nlcy5qcGc.webp?v=1649798622-Xm4PCa9Q3M-dP7awpH9HskAenvniOwS4cBGD4Ofx-sE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbfe380430767f6c1e9ff5852614ed99402f2fdbe02b3e83f29e4620edd3791f

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Tue, 12 Apr 2022 20:54:10 GMT
x-mg-request-uuid
c1b3a6c0-ecbe-454d-a685-e6c3837b38a9
age
1772
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d786913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7022
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzY3YjhjZTdmZTM4NjAzMzEwNjQxNDM4YTBhOGFjNGE4LmpwZWc.webp
s-img.mgid.com/g/4723168/492x277/0x0x2123x1415/
10 KB
10 KB
Image
General
Full URL
https://s-img.mgid.com/g/4723168/492x277/0x0x2123x1415/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzY3YjhjZTdmZTM4NjAzMzEwNjQxNDM4YTBhOGFjNGE4LmpwZWc.webp?v=1649798622-fM1HPGKvs9iuvtMHLVnhPkqIy_fWeAoF4F4CYy1uMIE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c1f0566bced65f5a341e8771aea4f0fbca483883b551c921a6f313c40f2371a

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:53:51 GMT
x-mg-request-uuid
dc6f0382-e8b9-4de1-bf86-5a9ecc0e93b7
age
736609
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d7c6913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9738
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMC8xMDE5MjQvNzg5MWI1MzA3M2Q2OGUyO...
s-img.mgid.com/g/11533297/492x277/-/
12 KB
12 KB
Image
General
Full URL
https://s-img.mgid.com/g/11533297/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMC8xMDE5MjQvNzg5MWI1MzA3M2Q2OGUyODAzMGY1M2FhMjViNzhhOTEuanBlZw.webp?v=1649798622-Qe6XeJmpO-lc2Fmn4574Aw4R9craEUZ4Sedqcs3lgIE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a747c61c2762926db3f5fb6b9018e2da640cad4f7bbb89aab50ec1632c9aeb78

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Dec 2021 12:23:50 GMT
x-mg-request-uuid
6bfc4de0-bed6-4a68-8f7e-c3f7256a272a
age
736614
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d7e6913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11970
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDMtMjEvMTAxOTI0LzlkOGQ4MjVjNTkxZGVkN2NmN2NhZjY3MDMwZWQyOGE3LmpwZz90PTE0OTAxMjQ3NDc5NDY.webp
s-img.mgid.com/g/3805572/492x277/0x0x492x328/
19 KB
19 KB
Image
General
Full URL
https://s-img.mgid.com/g/3805572/492x277/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDMtMjEvMTAxOTI0LzlkOGQ4MjVjNTkxZGVkN2NmN2NhZjY3MDMwZWQyOGE3LmpwZz90PTE0OTAxMjQ3NDc5NDY.webp?v=1649798622-_wH4rzQdsNGGqjnxnXceypogo7SHKQiqKGIhM-HpM6o
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
470185b160d2eefe617771e3a008f8e9d637c268b36a73c2575807a431b75476

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:49:45 GMT
x-mg-request-uuid
8b9cc76f-ddce-43d0-b98b-663296b7a6c7
age
736609
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d816913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19486
server
cloudflare
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMi8xMDE5MjQvNDU5YTg4OTFiODE0MmNhO...
s-img.mgid.com/g/12578210/492x277/-/
4 KB
5 KB
Image
General
Full URL
https://s-img.mgid.com/g/12578210/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0xMi8xMDE5MjQvNDU5YTg4OTFiODE0MmNhODg2NjM1NGQ4MGUyMzRmMTgucG5n.webp?v=1649798622-gre0oPkdkTQQroT6UNy1DRyIPEOH0iNHZkhex_R-dHw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
473deceb7eb2bffe40df5b6542546b9f193414f08416dcbfad263a793b569f46

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Tue, 29 Mar 2022 06:54:43 GMT
x-mg-request-uuid
7ed8acd5-c28f-4094-ad01-6df8401737b9
age
736580
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d836913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4502
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90ZWFzZXIvMjAxOS0wMi0xOS8xMDE5MjQvZjAzZmVjNjI3Y2Y1YTQ5Yjc3YTQ4ODQzZjAxODU5M2MuanBlZz90PTE1NTA1ODU2Njg0NDk.webp
s-img.mgid.com/g/8193515/492x277/0x37x838x558/
11 KB
11 KB
Image
General
Full URL
https://s-img.mgid.com/g/8193515/492x277/0x37x838x558/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZWFzZXIvMjAxOS0wMi0xOS8xMDE5MjQvZjAzZmVjNjI3Y2Y1YTQ5Yjc3YTQ4ODQzZjAxODU5M2MuanBlZz90PTE1NTA1ODU2Njg0NDk.webp?v=1649798622-uZiwMkuPZfti94Wxz0knpEIhfnHG5TU4EIEBcp5ckQo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3711e6c00ac4b4dabd15b357da4c5612c3069122579bf94eecbc50d8774257f

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:50:19 GMT
x-mg-request-uuid
f4757f76-d14f-44c8-b8c7-7725823d904a
age
736593
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d866913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11128
server
cloudflare
aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDgvMTAxOTI0Lzg2YTNkZjdmZjY4NjYyMDRhNDRjM2YyODkxNmFhYWQ5LnBuZw.webp
s-img.mgid.com/g/6946112/492x277/0x0x1025x683/
35 KB
35 KB
Image
General
Full URL
https://s-img.mgid.com/g/6946112/492x277/0x0x1025x683/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDgvMTAxOTI0Lzg2YTNkZjdmZjY4NjYyMDRhNDRjM2YyODkxNmFhYWQ5LnBuZw.webp?v=1649798622-peZI5A-jHZpaGOO4uoaDdskDyNiqUDikdQRUtJs_kdo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5a893aa6033fdbfff1ee05417db7f6856987e871b519f8b833fd163d03c23f6

Request headers

Referer
https://www.ibtimes.com/
Origin
https://www.ibtimes.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
HIT
last-modified
Thu, 11 Nov 2021 15:54:16 GMT
x-mg-request-uuid
80bfa83f-ce5a-4848-a0b0-a9e5b711b193
age
736597
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
6faf06511d886913-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35508
server
cloudflare
int_exchange_wages_ad.svg
cdn.mgid.com/images/mgid/
1 KB
991 B
Image
General
Full URL
https://cdn.mgid.com/images/mgid/int_exchange_wages_ad.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
096a4bb9d7f8588a8520d57f103bdf0dae273af88fc0265371124c048bff7b05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
HIT
age
3686
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
FG314FBY34F9SQT3
x-amz-id-2
w3XE/4rB52NECD1R1i6L6dnogE7JQ9PyovEAeQWlEmnQO1kyIT/DwzXhDMk33l3ZDZyz+7AFLSU=
last-modified
Mon, 04 May 2020 12:16:53 GMT
server
cloudflare
etag
W/"37346cd2daeeec771e8ffe3a34ef43ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
6faf0650da889177-FRA
expires
Wed, 13 Apr 2022 21:23:42 GMT
i.js
cm.mgid.com/
1 KB
767 B
Script
General
Full URL
https://cm.mgid.com/i.js?&cbuster=1649798622864219529393&consentData=&gdprApplies=0&uspString=1---
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01fd695e0d1d62b6f6965f4f45a0eb8a69d1a503987e646fb7021d8c8e981f57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf06510ffe5bf1-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
i-noref.js
cm.mgid.com/ Frame 1FA6
0
36 B
Script
General
Full URL
https://cm.mgid.com/i-noref.js?cbuster=1649798622881220408442&consentData=&gdprApplies=0&uspString=1---
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/i/b/ibtimes.com.307820.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:42 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf0651080b5bf1-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
a
aux.fqtag.com/aux/
0
10 B
XHR
General
Full URL
https://aux.fqtag.com/aux/a
Requested by
Host: cdn.fqtag.com
URL: https://cdn.fqtag.com/1.27.339-ccfb11a/pixel.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:298e:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 12 Apr 2022 21:23:42 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
match
s.pubmine.com/
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=303&user_id=m3cGwraYNZne
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=m3cGwraYNZne
  • https://s.pubmine.com/match?bidder_id=1&external_user_id=1d7650e5-2594-4528-8498-907c7bb0560f&ssp_data=&gdpr=&gdpr_consent=
43 B
286 B
Image
General
Full URL
https://s.pubmine.com/match?bidder_id=1&external_user_id=1d7650e5-2594-4528-8498-907c7bb0560f&ssp_data=&gdpr=&gdpr_consent=
Protocol
HTTP/1.1
Server
63.33.106.135 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-106-135.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:43 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
image/gif

Redirect headers

Location
//s.pubmine.com/match?bidder_id=1&external_user_id=1d7650e5-2594-4528-8498-907c7bb0560f&ssp_data=&gdpr=&gdpr_consent=
Date
Tue, 12 Apr 2022 21:23:43 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
m
cm.mgid.com/
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=1944&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
  • https://cm.mgid.com/m?cdsp=665953&c=365d1e09-e9cc-44d7-b79e-c025be1b0687
43 B
414 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=665953&c=365d1e09-e9cc-44d7-b79e-c025be1b0687
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf0652df709177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43

Redirect headers

location
https://cm.mgid.com/m?cdsp=665953&c=365d1e09-e9cc-44d7-b79e-c025be1b0687
date
Tue, 12 Apr 2022 21:23:43 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
google
cm.mgid.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bTNjR3dyYVlOWm5l&muidn=m3cGwraYNZne
  • https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bTNjR3dyYVlOWm5l&muidn=m3cGwraYNZne&google_tc=
  • https://cm.mgid.com/google?muidn=m3cGwraYNZne&google_ula={guid},5&google_gid=CAESEHh0lAwN08dOWb4-jhr_0RA&google_cver=1
0
187 B
Image
General
Full URL
https://cm.mgid.com/google?muidn=m3cGwraYNZne&google_ula={guid},5&google_gid=CAESEHh0lAwN08dOWb4-jhr_0RA&google_cver=1
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/plain
cf-ray
6faf06545aa69177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.mgid.com/google?muidn=m3cGwraYNZne&google_ula={guid},5&google_gid=CAESEHh0lAwN08dOWb4-jhr_0RA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
327
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync.php
pixel.rubiconproject.com/exchange/
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=mgid
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif
m
cm.mgid.com/
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=mgid
  • https://creativecdn.com/cm-notify?pi=mgid&tc=1
  • https://cm.mgid.com/m?cdsp=501037&c=CDGpYeKQOSY9UXYiIIDN&pi=mgid&tc=1
43 B
414 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=501037&c=CDGpYeKQOSY9UXYiIIDN&pi=mgid&tc=1
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf06526e5e9177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43

Redirect headers

location
https://cm.mgid.com/m?cdsp=501037&c=CDGpYeKQOSY9UXYiIIDN&pi=mgid&tc=1
pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT, Tue, 12 Apr 2022 21:23:43 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
m
cm.mgid.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=mgid
  • https://x.bidswitch.net/ul_cb/sync?ssp=mgid
  • https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=mgid&bsw_custom_parameter=1d7650e5-2594-4528-8498-907c7bb0560f&gdpr=&gdpr_consent=&gdpr_pd=
  • https://x.bidswitch.net/sync?dsp_id=413&ssp=mgid&user_id=csonata_99e4ec82-0a24-4f92-9417-59f855fb4e38&bsw_param=1d7650e5-2594-4528-8498-907c7bb0560f&expires=10
  • https://cm.mgid.com/m?cdsp=433145&c=1d7650e5-2594-4528-8498-907c7bb0560f&gdpr=&gdpr_consent=&us_privacy=
43 B
446 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=433145&c=1d7650e5-2594-4528-8498-907c7bb0560f&gdpr=&gdpr_consent=&us_privacy=
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf0658cced9177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43

Redirect headers

Location
//cm.mgid.com/m?cdsp=433145&c=1d7650e5-2594-4528-8498-907c7bb0560f&gdpr=&gdpr_consent=&us_privacy=
Date
Tue, 12 Apr 2022 21:23:44 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sync.php
pixel.rubiconproject.com/exchange/
Redirect Chain
  • https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=m3cGwraYNZne
  • https://ssbsync.smartadserver.com/api/sync?callerId=24&gdpr=0&gdpr_consent=&us_privacy=
  • https://sync.e-volution.ai/a02d62607dea0c97e41ff36ebd422945.gif?puid=2672647737883558751&gdpr=0&gdpr_consent=
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Tue, 12 Apr 2022 21:23:43 GMT
Server
nginx
Transfer-Encoding
chunked
Location
https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-pashadv&gdpr=0&gdpr_consent=&us_privacy=
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
0
m
cm.mgid.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1
  • https://cm.mgid.com/m?cdsp=371158&c=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&ttl=1652390623
43 B
414 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=371158&c=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&ttl=1652390623
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf0652df719177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.mgid.com/m?cdsp=371158&c=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&ttl=1652390623
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
205
m
cm.mgid.com/
Redirect Chain
  • https://t.adx.opera.com/pub/sync?pubid=pub6103523253312
  • https://ib.adnxs.com/getuid?https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60141%26uid%3D%24UID
  • https://t.adx.opera.com/sync?vendor=60141&uid=6406053966499447073
  • https://creativecdn.com/cm-notify?pi=opera
  • https://t.adx.opera.com/sync?vendor=60039&uid=CDGpYeKQOSY9UXYiIIDN&pi=opera
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D$UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Ft.adx.opera.com%2Fsync%3Fvendor%3D60124%26uid%3D%24UID
  • https://t.adx.opera.com/sync?vendor=60124&uid=3341262232987407313122
  • https://an.yandex.ru/mapuid/operacom/
  • https://an.yandex.ru/mapuid/operacom/?redir-setuniq=1
  • https://t.adx.opera.com/sync?vendor=60143&uid=2D6F6294C28E58A9
  • https://ups.analytics.yahoo.com/ups/58484/occ
  • https://ups.analytics.yahoo.com/ups/58484/occ?verify=true
  • https://t.adx.opera.com/sync?vendor=60112&uid=y-A7krQz5E2uEwKDvnePlcTIRwg7DuykDfmQbatGc-~A
  • https://cm.mgid.com/m?cdsp=528163&c=bcc1df01936740e697673c4500f022ef
43 B
430 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=528163&c=bcc1df01936740e697673c4500f022ef
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf0657396e9177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:43 GMT
server
Tengine
access-control-allow-origin
*
access-control-allow-methods
POST, GET
content-type
text/html; charset=utf-8
location
https://cm.mgid.com/m?cdsp=528163&c=bcc1df01936740e697673c4500f022ef
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length
95
expires
Mon, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/
95 B
456 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=m3cGwraYNZne&zpartnerid=1532&zdid=1532
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
cf-ray
6faf06522c069a3c-FRA
access-control-allow-headers
*
content-length
95
/
cm.idealmedia.io/setmuidn/
0
173 B
Image
General
Full URL
https://cm.idealmedia.io/setmuidn/?muidf=m3cGwraYNZne
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.221.74 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6faf06534d089bf2-FRA
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
m
cm.mgid.com/
Redirect Chain
  • https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
  • https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid
  • https://cm.mgid.com/m?cdsp=287839&c=0c9e0ff7-3912-4830-9ded-4b9435c97638
43 B
462 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=287839&c=0c9e0ff7-3912-4830-9ded-4b9435c97638
Protocol
H3
Server
104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
6faf065aa9209177-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43

Redirect headers

location
//cm.mgid.com/m?cdsp=287839&c=0c9e0ff7-3912-4830-9ded-4b9435c97638
date
Tue, 12 Apr 2022 21:23:44 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
rb_bf70638ctp
www.ibt-mail.com/ Frame F74A
146 B
461 B
XHR
General
Full URL
https://www.ibt-mail.com/rb_bf70638ctp?type=js3&flavor=post&vi=RPTHCPAWDOKEVHPCSRPFGKBRKHEIMHNM-0&modifiedSince=1649335271446&rf=https%3A%2F%2Fwww.ibt-mail.com%2Fsite2%2Fibts_fast_start%2F%3Fu%3DB%26webforms_id%3DZ%26v%3D0&bp=3&app=ea7c4b59f27d43eb&crc=2908681285&en=rd0m6seg&end=1
Requested by
Host: www.ibt-mail.com
URL: https://www.ibt-mail.com/ruxitagentjs_ICA27QVfgjqrux_10237220328075400.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.160.77.202 , United States, ASN46469 (GETRESPONSE-IMPLIX, US),
Reverse DNS
mta-1.ibt-mail.com
Software
nginx /
Resource Hash
6facdabef48b535013f3d249c98cff445e7e23c2936e6bccbf18219c916f8cd2

Request headers

Referer
https://www.ibt-mail.com/site2/ibts_fast_start/?u=B&webforms_id=Z&v=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 12 Apr 2022 21:23:43 GMT
Server
nginx
Connection
keep-alive
Content-Length
146
Content-Type
text/plain; charset=utf-8
56
check.analytics.rlcdn.com/check/
25 B
383 B
XHR
General
Full URL
https://check.analytics.rlcdn.com/check/56
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-24.fra56.r.cloudfront.net
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
via
1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
x-amzn-requestid
42ce5d6a-2b86-4331-9883-e52f710ccf5f
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-6255eddf-17ec86ac1a90cbc63106d84c
x-amz-apigw-id
QfIbAFXPjoEFmoQ=
content-length
25
x-amz-cf-id
ccG-fcwI5I-1DRbYZBnt3zXAXjKc0AH95Ue2V-LcMK_EHf_Vvy0Utg==
truncated
/ Frame F74A
347 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9d1f6190914eae46fb2b3bc704dfe6a078c00105f7a13c757d8a53ef3e34040

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml
5e373759-92af-4c48-953e-059c7db110ca.png
multimedia.ibt-mail.com/ibt-B/photos/ Frame F74A
14 KB
14 KB
Image
General
Full URL
https://multimedia.ibt-mail.com/ibt-B/photos/5e373759-92af-4c48-953e-059c7db110ca.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
38adabd09019884f9d25b4251048d2e510374f6cd996dd5a19f118b4414f8c52
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
x-unique-id
978B5673:E34E_68A04040:01BB_60AFB556_237D857:47A2
last-modified
Tue, 04 May 2021 06:11:59 GMT
x-amz-request-id
917738R5K0E6TN2M
etag
"e483ef493d91c7d82b1aa4234befbc75"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798623.dop235.fr8.t,1649798623.cds207.fr8.hn,1649798623.cds276.fr8.c
content-type
image/png
cache-control
max-age=3865335
content-length
14317
accept-ranges
bytes
x-amz-version-id
K1zePmV90zPbuAxjYk0WBZd2.8rQ8MEU
x-amz-id-2
fQaFnc/MF+l4B0cI4OVHWgRszCIXdZXxsg0do2BptApFbVZ77MbDk+1s0YlNMd7sA9j5+6kDMag=
6849b256-5e6a-441c-9dca-0fc11e52f0c5.jpg
multimedia.ibt-mail.com/ibt-B/photos/ Frame F74A
2 MB
2 MB
Image
General
Full URL
https://multimedia.ibt-mail.com/ibt-B/photos/6849b256-5e6a-441c-9dca-0fc11e52f0c5.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
084b4c07759cbb44f702d52816a773e8c562a6a287bc177a011519a852af4bb0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibt-mail.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
x-unique-id
978B5609:4026_68A04040:01BB_60AFB556_2848581:47A1
last-modified
Tue, 04 May 2021 06:12:38 GMT
x-amz-request-id
9174YWHWWNJ7JAAB
etag
"70a21c6e956e58702d2ae6ada39c76c1"
strict-transport-security
max-age=63072000; includeSubDomains
x-hw
1649798623.dop235.fr8.t,1649798623.cds207.fr8.hn,1649798623.cds207.fr8.c
content-type
image/jpeg
cache-control
max-age=3865335
content-length
2067940
accept-ranges
bytes
x-amz-version-id
.liRMQ.JWD3Wv..pnY7bDoUpWyBBrtE6
x-amz-id-2
88eNS+Cwq5wLONBkvpQ0Y1tqcKeRNakW1WaqjZrnPaGNU5tmJs5O1SG0IPa5UhPH4XtipJWXRAc=
envelope
api.rlcdn.com/api/identity/
44 B
328 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=56
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ibtimes.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 12 Apr 2022 21:23:44 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
alt-svc
clear
content-length
44
check.html
biddr.brealtime.com/ Frame FAAA
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
3239
CF-Cache-Status
HIT
CF-RAY
6faf065d2ecf9b49-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 12 Apr 2022 21:23:44 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 12 Apr 2022 22:23:44 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
ixmatch.html
js-sec.indexww.com/um/ Frame 0DA5
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Tue, 12 Apr 2022 21:23:44 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 3B7A
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 12 Apr 2022 21:23:44 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5D0C
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=104218
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 12 Apr 2022 21:23:44 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Thu, 14 Apr 2022 02:20:42 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 7894
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
57731
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 12 Apr 2022 21:23:44 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 07 Apr 2022 05:21:24 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
3, 1101409
X-Served-By
cache-lga21973-LGA, cache-hhn4042-HHN
X-Timer
S1649798625.816579,VS0,VE0
pd
u.openx.net/w/1.0/ Frame 803B
0
35 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 12 Apr 2022 21:23:44 GMT
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
sync_iframe
sync.bfmio.com/ Frame 21AA
217 B
548 B
Document
General
Full URL
https://sync.bfmio.com/sync_iframe?ifg=1&id=9950dc87-e457-40ab-84d2-0662b604390c&gdpr=0&gc=&gce=1&us_privacy=
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.216.159.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-159-172.compute-1.amazonaws.com
Software
/
Resource Hash
f09593a5c4b13894ea7f0a65c055c35d2acd4a3168573d6566627cfc48bf1c0a

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
217
Content-Type
text/html
Date
Tue, 12 Apr 2022 21:23:44 GMT
sync
eb2.3lift.com/ Frame 0587
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: s1.ibtimes.com
URL: https://s1.ibtimes.com/sites/all/modules/modules-custom/fusion/fusion_ads/js/prebid.min.js?v=6.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
0ea46bdd04b6458f475489328c07d8a924ee714762e9542edc685106d1257343

Request headers

Referer
https://www.ibtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
462
content-type
text/html; charset=utf-8
date
Tue, 12 Apr 2022 21:23:44 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
ups.analytics.yahoo.com/ups/55953/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&_origin=1&gdpr=1&gdpr_consent=
0
38 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&_origin=1&gdpr=1&gdpr_consent=
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:44 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f&_origin=1&gdpr=1&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
sync
ups.analytics.yahoo.com/ups/55986/
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_...
  • https://pixel.advertising.com/ups/55986/sync?uid=YlXt4AABhYp_UgAZ&_origin=0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YlXt4AABhYp_UgAZ&_origin=0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
0
140 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YlXt4AABhYp_UgAZ&_origin=0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YlXt4AABhYp_UgAZ&_origin=0&gdpr=0&gdpr_consent=&_test=YlXt4AABhYp_UgAZ&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
date
Tue, 12 Apr 2022 21:23:44 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/57304/
Redirect Chain
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVBkNTU4M2RlNS1iYWE2LTExZWMtYmRlNi0wNjMyNzFjNjBhMjQ%3D
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEFoM8juKbxeKwi6c2VfyMY4&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFoM8juKbxeKwi6c2VfyMY4&google_cver=1&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
0
407 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFoM8juKbxeKwi6c2VfyMY4&google_cver=1&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ibtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEFoM8juKbxeKwi6c2VfyMY4&google_cver=1&apid=UPd5583de5-baa6-11ec-bde6-063271c60a24
date
Tue, 12 Apr 2022 21:23:44 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ Frame 0587
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 0587
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
date
Tue, 12 Apr 2022 21:23:44 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel
cm.g.doubleclick.net/ Frame 0587
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 0587
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzM0MTI2MjIzMjk4NzQwNzMxMzEyMg%3D%3D
date
Tue, 12 Apr 2022 21:23:44 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 0587
0
704 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3341262232987407313122&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:44 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 1E890F18407A406B96E8192906DD572E Ref B: FRAEDGE1207 Ref C: 2022-04-12T21:23:44Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXce6z9LMWMLVSC7p5dLQ==
xuid
eb2.3lift.com/ Frame 0587
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/3341262232987407313122?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-be29IYhE2oRBm3f7O.w8FNsFSgmCm724tG.WPA8f8g--~A&dongle=0883
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-be29IYhE2oRBm3f7O.w8FNsFSgmCm724tG.WPA8f8g--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:44 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Tue, 12 Apr 2022 21:23:44 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-be29IYhE2oRBm3f7O.w8FNsFSgmCm724tG.WPA8f8g--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
sync
x.bidswitch.net/ Frame 0587
43 B
220 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=3341262232987407313122&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.58.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-58-191.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:44 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
c.gif
c.bing.com/ Frame 0587
42 B
596 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=3341262232987407313122&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:44 GMT
etag
"8120eaf0ff3ad81:0"
last-modified
Fri, 18 Mar 2022 19:39:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7083AE75E88D4CFEA8EAD9BA871CFF9A Ref B: FRAEDGE1510 Ref C: 2022-04-12T21:23:44Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 0587
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=3341262232987407313122
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3341262232987407313122&dcc=t
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3341262232987407313122&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Server
209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Tue, 12 Apr 2022 21:23:45 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
X64M06E4WFYXR3VPWBQ0
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3341262232987407313122&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 0587
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Tue, 12 Apr 2022 21:23:45 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
usync.js
eus.rubiconproject.com/ Frame 3B7A
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
92db40d16cb8ca6e243d000bc0a2f249aeb503b3109c6ea0d5892f531204c078

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=85219
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Wed, 13 Apr 2022 21:04:03 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 5D0C
2 KB
3 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=2512177&p=158003&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
6177c2c2d6508abe2150d423604c8bb1f02b1f9c5d352cf72aa307559349c7c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
match
c1.adform.net/serving/cookie/ Frame 7E96
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999
35 B
467 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Tue, 12 Apr 2022 21:23:45 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Tue, 12 Apr 2022 21:23:45 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=BF0C64D4-C496-4DDE-8558-30D8A01BA999
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 74A8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3cde6255-ede1-4a00-9d80-cbac0a89c5e5&gdpr=0&gdpr_consent=
42 B
359 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3cde6255-ede1-4a00-9d80-cbac0a89c5e5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Apr 2022 21:23:45 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug011:0:372

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Tue, 12 Apr 2022 21:23:45 GMT
Expires
Tue, 12 Apr 2022 21:23:44 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4335 2c68c00 master ord-pixel-x14 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3cde6255-ede1-4a00-9d80-cbac0a89c5e5&gdpr=0&gdpr_consent=
Pug
image2.pubmatic.com/AdServer/ Frame 7CED
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6539567528254966003
42 B
211 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6539567528254966003
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Tue, 12 Apr 2022 21:23:45 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug016:0:599

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6539567528254966003
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame 74D6
43 B
363 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Tue, 12 Apr 2022 21:23:44 GMT
expires
Tue, 12 Apr 2022 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
463553
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5D0C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vwxk1MSWTd6FWDDYoBupmQ%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Protocol
H2
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=104217
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Thu, 14 Apr 2022 02:20:42 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bad66255-ede1-4400-a8df-bd50102c1262
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bad66255-ede1-4400-a8df-bd50102c1262
Protocol
H2
Server
198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:43 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Tue, 12 Apr 2022 21:23:45 GMT
Server
MT3 4335 2c68c00 master ord-pixel-x26 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=bad66255-ede1-4400-a8df-bd50102c1262
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 12 Apr 2022 21:23:44 GMT
pixel
ps.eyeota.net/ Frame 5D0C
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=BF0C64D4-C496-4DDE-8558-30D8A01BA999
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1
  • https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D1&xl8blockcheck=1
  • https://pixel.onaudience.com/?partner=161&icm&cver&mapped=0799eb96609287efb057f61466323f27&gdpr=1
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=e4d5a380a656836c/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD/tpid=e4d5a380a656836c/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdp...
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=7fe135f2a2b15bbebf70152ef1974165&gdpr=1&gdpr_consent=${gdpr_consent}
  • https://pixel.onaudience.com/?partner=162&icm&cver&gdpr=1&gdpr_consent=${gdpr_consent}&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3D${gdpr_consent}%26pid%3Ddn5h51u%26t%3Dgi...
  • https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=10ea2cbff71608f7
0
344 B
Image
General
Full URL
https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=10ea2cbff71608f7
Protocol
HTTP/1.1
Server
3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 12 Apr 2022 21:23:45 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

location
https://ps.eyeota.net/pixel?gdpr=1&gdpr_consent=${gdpr_consent}&pid=dn5h51u&t=gif&uid=10ea2cbff71608f7
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkYwQzY0RDQtQzQ5Ni00RERFLTg1NTgtMzBEOEEwMUJBOTk5&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
110 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug028:0:500
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJYeGg-SMNab-Xf5ZZssIpc&google_cver=1
42 B
282 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJYeGg-SMNab-Xf5ZZssIpc&google_cver=1
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug018:0:904
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJYeGg-SMNab-Xf5ZZssIpc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 5D0C
43 B
610 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.122.14.34 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
22.0e.7a9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Mon, 11 Apr 2022 21:23:45 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3525668781184695540
42 B
235 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3525668781184695540
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug013:0:594
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3525668781184695540
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
42 B
603 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug019:0:409
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
image2.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6406053966499447073&gdpr=0&gdpr_consent=
42 B
544 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6406053966499447073&gdpr=0&gdpr_consent=
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug012:0:444
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Tue, 12 Apr 2022 21:23:45 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
7e05895d-bcff-4878-9d01-1e40c3e793f6
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6406053966499447073&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 5D0C
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=jI3Utt_bhLKXjta2iNzM4tncguCXi9Owg4ior2jT
42 B
309 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=jI3Utt_bhLKXjta2iNzM4tncguCXi9Owg4ior2jT
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug027:0:520
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=jI3Utt_bhLKXjta2iNzM4tncguCXi9Owg4ior2jT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sync
sync.bfmio.com/ Frame 21AA
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rwuq9ny&ttd_tpi=1
  • https://sync.bfmio.com/sync?pid=106&uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
0
589 B
Image
General
Full URL
https://sync.bfmio.com/sync?pid=106&uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
Requested by
Host: sync.bfmio.com
URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=9950dc87-e457-40ab-84d2-0662b604390c&gdpr=0&gc=&gce=1&us_privacy=
Protocol
HTTP/1.1
Server
3.216.159.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-159-172.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.bfmio.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Connection
keep-alive
Date
Tue, 12 Apr 2022 21:23:44 GMT

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.bfmio.com/sync?pid=106&uid=e66d38a0-d6a9-4685-b8ac-ad4c862a2a6f
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
183
tap.php
pixel.rubiconproject.com/ Frame 3B7A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1---
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/6-pZrmsVNAt64Fgb5n3U-A?csrc=&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4144688919164354826
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4144688919164354826
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

date
Tue, 12 Apr 2022 21:23:45 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4144688919164354826
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
709414.gif
id.rlcdn.com/ Frame 3B7A
0
0
Image
General
Full URL
https://id.rlcdn.com/709414.gif?us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 3B7A
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&us_privacy=1---
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&us_privacy=1---&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=G2NLbN00T-qYCeO2exHdGg&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=G2NLbN00T-qYCeO2exHdGg
43 B
556 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=G2NLbN00T-qYCeO2exHdGg
Protocol
HTTP/1.1
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 12 Apr 2022 21:23:46 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
S351TAKVXTS2QQS009KH
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=G2NLbN00T-qYCeO2exHdGg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 3B7A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJblA2QrVm2xCtKnTC1qBdE&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJblA2QrVm2xCtKnTC1qBdE&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEJblA2QrVm2xCtKnTC1qBdE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame 3B7A
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=a9us&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/gif
pixel
cm.g.doubleclick.net/ Frame 3B7A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFXTkkyWkYtMy03NFVP&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFXTkkyWkYtMy03NFVP&us_privacy=1---
Protocol
H3
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFXTkkyWkYtMy03NFVP&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 3B7A
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 3B7A
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MDZhY2FiMTFkZjVmZWYxZmIwNmEyMTBhYTc1OWU3NGU4Y2MxMjZlMg&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MDZhY2FiMTFkZjVmZWYxZmIwNmEyMTBhYTc1OWU3NGU4Y2MxMjZlMg&us_privacy=1---
Protocol
H3
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 12 Apr 2022 21:23:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MDZhY2FiMTFkZjVmZWYxZmIwNmEyMTBhYTc1OWU3NGU4Y2MxMjZlMg&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
SPug
simage4.pubmatic.com/AdServer/ Frame 5D0C
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158003&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 21:23:46 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
st
capi-tier-1-us-east-2.connatix.com/tr/ Frame CCE6
0
316 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/st?v=158503
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.124.226 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-124-226.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Tue, 12 Apr 2022 21:23:47 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.ibtimes.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame CCE6
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hbopenbid.pubmatic.com
URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Domain
gdpr-wrapper.privacymanager.io
URL
https://gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/vendor-list.json
Domain
www.ibtimes.com
URL
https://www.ibtimes.com/service-worker.js
Domain
capi-tier-1-us-east-2.connatix.com
URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=158503

Verdicts & Comments

406 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


98 Cookies


17 Console Messages

Source Level URL
Text
network error URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=IBTimes
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript error URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Message:
Access to fetch at 'https://gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/vendor-list.json' from origin 'https://www.ibtimes.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://gdpr-wrapper.privacymanager.io/gdpr/93872cc6-8fc9-44b6-9bbe-081c7bd04dc4/vendor-list.json
Message:
Failed to load resource: net::ERR_FAILED
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vr'.
other warning URL: https://cmp-consent-tool.privacymanager.io/latest/index.html#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
A preload for 'https://cmp-consent-tool.privacymanager.io/latest/runtime.js' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other warning URL: https://cmp-consent-tool.privacymanager.io/latest/index.html#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
A preload for 'https://cmp-consent-tool.privacymanager.io/latest/polyfills.js' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other warning URL: https://cmp-consent-tool.privacymanager.io/latest/index.html#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
A preload for 'https://cmp-consent-tool.privacymanager.io/latest/vendor.js' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other warning URL: https://cmp-consent-tool.privacymanager.io/latest/index.html#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
A preload for 'https://cmp-consent-tool.privacymanager.io/latest/main.js' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
other error URL: https://www.ibtimes.com/beware-new-android-banking-malware-can-take-over-your-device-spread-through-fake-apps-3469028
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=56
Message:
Failed to load resource: the server responded with a status of 451 ()
javascript warning URL: https://cmp-consent-tool.privacymanager.io/latest/#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
The resource https://cmp-consent-tool.privacymanager.io/latest/runtime.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://cmp-consent-tool.privacymanager.io/latest/#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
The resource https://cmp-consent-tool.privacymanager.io/latest/main.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://cmp-consent-tool.privacymanager.io/latest/#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
The resource https://cmp-consent-tool.privacymanager.io/latest/vendor.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://cmp-consent-tool.privacymanager.io/latest/#/notice?theme=defaultTheme&useSystemFonts=false&cmpType=tcf
Message:
The resource https://cmp-consent-tool.privacymanager.io/latest/polyfills.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network error URL: https://id.rlcdn.com/709414.gif?us_privacy=1---
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=1000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
