threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Submission: On May 19 via manual (May 19th 2022, 3:32:25 pm UTC) from GT — Scanned from DE

Summary HTTP 379 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 95 IPs in 8 countries across 79 domains to perform 379 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 180690.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
9	65.9.63.123 65.9.63.123	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:303... 2606:4700:3030::ac43:cf70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2600:9000:205... 2600:9000:2057:6400:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
14	2600:9000:214... 2600:9000:214f:c400:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	185.85.15.23 185.85.15.23	200107 (KL-EXT) (KL-EXT)
5	65.9.66.173 65.9.66.173	16509 (AMAZON-02) (AMAZON-02)
1 9	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	23.206.210.112 23.206.210.112	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
7	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
6	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	52.31.67.18 52.31.67.18	16509 (AMAZON-02) (AMAZON-02)
8	3.18.237.195 3.18.237.195	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
3 5	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	52.210.138.219 52.210.138.219	16509 (AMAZON-02) (AMAZON-02)
2	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	52.51.122.227 52.51.122.227	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2602:803:c003... 2602:803:c003:200::61	26667 (RUBICONPR...) (RUBICONPROJECT)
5	213.19.147.42 213.19.147.42	3356 (LEVEL3) (LEVEL3)
11	52.18.151.34 52.18.151.34	16509 (AMAZON-02) (AMAZON-02)
4	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
3	35.157.236.110 35.157.236.110	16509 (AMAZON-02) (AMAZON-02)
1	35.157.93.81 35.157.93.81	16509 (AMAZON-02) (AMAZON-02)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	159.89.246.130 159.89.246.130	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	23.32.59.34 23.32.59.34	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
1 15	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 3	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
6 17	185.33.220.100 185.33.220.100	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	2600:9000:206... 2600:9000:206f:da00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	141.95.98.66 141.95.98.66	16276 (OVH) (OVH)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
2	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
3 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.43.14 13.107.43.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	172.217.18.102 172.217.18.102	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
5 14	142.251.36.98 142.251.36.98	15169 (GOOGLE) (GOOGLE)
3 9	69.192.160.245 69.192.160.245	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	69.192.160.199 69.192.160.199	16625 (AKAMAI-AS) (AKAMAI-AS)
3	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
3 3	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 4	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
7	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:46::44 2620:1ec:46::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	99.86.7.95 99.86.7.95	16509 (AMAZON-02) (AMAZON-02)
3 5	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
4	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
2	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	18.159.49.182 18.159.49.182	16509 (AMAZON-02) (AMAZON-02)
4 5	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3	2a05:d018:d29... 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7	16509 (AMAZON-02) (AMAZON-02)
3 4	18.185.246.45 18.185.246.45	16509 (AMAZON-02) (AMAZON-02)
4 7	209.54.177.54 209.54.177.54	() ()
3 4	64.202.112.127 64.202.112.127	() ()
1	34.241.55.221 34.241.55.221	16509 (AMAZON-02) (AMAZON-02)
1	67.202.105.23 67.202.105.23	() ()
1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
2	185.86.137.122 185.86.137.122	201081 (SMARTADSE...) (SMARTADSERVER)
2 5	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	54.226.216.14 54.226.216.14	() ()
4 4	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	54.236.74.72 54.236.74.72	() ()
1	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1 10	34.247.205.196 34.247.205.196	() ()
2 2	3.121.250.45 3.121.250.45	() ()
6	34.248.76.8 34.248.76.8	() ()
3 3	70.42.32.191 70.42.32.191	() ()
1	192.132.33.46 192.132.33.46	() ()
1 1	54.81.207.173 54.81.207.173	() ()
1 1	54.159.94.231 54.159.94.231	() ()
1 1	193.122.128.135 193.122.128.135	() ()
1	38.91.45.7 38.91.45.7	() ()
1 1	104.111.215.191 104.111.215.191	() ()
2 2	34.249.126.234 34.249.126.234	() ()
1 1	198.148.27.140 198.148.27.140	() ()
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	124.146.215.49 124.146.215.49	() ()
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 1	23.75.240.210 23.75.240.210	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:205... 2600:9000:2057:1a00:1b:5138:8a40:93a1	() ()
1	185.86.137.132 185.86.137.132	() ()
3 3	69.173.144.165 69.173.144.165	() ()
2 3	52.95.115.255 52.95.115.255	() ()
1	35.244.174.68 35.244.174.68	() ()
1	2a00:1288:80:... 2a00:1288:80:807::1	() ()
379	95

34 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 65.9.63.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-123.fra56.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::ac43:cf70 (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2600:9000:2057:6400:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:214f:c400:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.23 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.66.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-173.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.2.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.210.112 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-210-112.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

ins.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.67.18 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-67-18.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.18.237.195 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-18-237-195.us-east-2.compute.amazonaws.com

capi-tier-1-us-east-2.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.138.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-138-219.eu-west-1.compute.amazonaws.com

kaspersky.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

kaspersky.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.122.227 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-122-227.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.42 (Utrecht, Netherlands)

ASN3356 (LEVEL3, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.18.151.34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.19 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.236.110 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-236-110.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.93.81 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-93-81.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.89.246.130 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.32.59.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-59-34.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.40.89.200 (Ashburn, United States) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 185.33.220.100 (Amsterdam, Netherlands) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:da00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.66 (France)

ASN16276 (OVH, FR)
PTR: ns3216537.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.43.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f6.1e100.net

9582686.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.251.36.98 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: prg03s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.192.160.245 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-245.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.192.160.199 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-199.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.241 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.237 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.7.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-95.fra6.r.cloudfront.net

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 76.223.111.18 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.155.181 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.49.182 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-49-182.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.185.246.45 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-246-45.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 209.54.177.54 (None, ) 4 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 64.202.112.127 (None, ) 3 redirects

ASN- ()

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.55.221 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-55-221.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.23 (None, )

ASN- ()

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.122 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.226.216.14 (None, ) 1 redirects

ASN- ()

x.yieldlift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (Utrecht, Netherlands) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.236.74.72 (None, )

ASN- ()

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.247.205.196 (None, ) 1 redirects

ASN- ()

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.250.45 (None, ) 2 redirects

ASN- ()

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.248.76.8 (None, )

ASN- ()

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 70.42.32.191 (None, ) 3 redirects

ASN- ()

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (None, )

ASN- ()

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.81.207.173 (None, ) 1 redirects

ASN- ()

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.159.94.231 (None, ) 1 redirects

ASN- ()

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.122.128.135 (None, ) 1 redirects

ASN- ()

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.91.45.7 (None, )

ASN- ()

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (None, ) 1 redirects

ASN- ()

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.126.234 (None, ) 2 redirects

ASN- ()

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (None, ) 1 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.49 (None, ) 1 redirects

ASN- ()

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.75.240.210 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:1a00:1b:5138:8a40:93a1 (None, )

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.132 (None, )

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (None, ) 3 redirects

ASN- ()

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.95.115.255 (None, ) 2 redirects

ASN- ()

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (None, )

ASN- ()

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (None, )

ASN- ()

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	threatpost.com threatpost.com — Cisco Umbrella Rank: 180690 assets.threatpost.com — Cisco Umbrella Rank: 679974 media.threatpost.com — Cisco Umbrella Rank: 497597	1 MB
32	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 95 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 130	300 KB
30	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 187 stats.g.doubleclick.net — Cisco Umbrella Rank: 92 9582686.fls.doubleclick.net — Cisco Umbrella Rank: 402608 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 284	207 KB
24	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3462 cds.connatix.com — Cisco Umbrella Rank: 3527 capi.connatix.com — Cisco Umbrella Rank: 3859 ins.connatix.com — Cisco Umbrella Rank: 7431 capi-tier-1-us-east-2.connatix.com — Cisco Umbrella Rank: 4192 vid.connatix.com — Cisco Umbrella Rank: 4303 img.connatix.com — Cisco Umbrella Rank: 4210	2 MB
20	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 240 acdn.adnxs.com — Cisco Umbrella Rank: 596 secure.adnxs.com — Cisco Umbrella Rank: 424	64 KB
17	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1459 usersync.gumgum.com rtb.gumgum.com	5 KB
17	rubiconproject.com 6 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 471 eus.rubiconproject.com — Cisco Umbrella Rank: 556 pixel.rubiconproject.com — Cisco Umbrella Rank: 354 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1146 token.rubiconproject.com	28 KB
15	openx.net 1 redirects teachingaids-d.openx.net — Cisco Umbrella Rank: 24131 u.openx.net — Cisco Umbrella Rank: 756 eu-u.openx.net — Cisco Umbrella Rank: 1851 us-u.openx.net — Cisco Umbrella Rank: 399	3 KB
15	amazon-adsystem.com 6 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 288 s.amazon-adsystem.com aax-eu.amazon-adsystem.com	48 KB
14	yahoo.com 4 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 870 c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1063 ups.analytics.yahoo.com — Cisco Umbrella Rank: 297 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 485 ads.yahoo.com	2 KB
12	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1769 public.servenobid.com — Cisco Umbrella Rank: 3779	8 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 344	217 KB
10	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 74	2 KB
9	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 477 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 557 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 530	8 KB
9	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 446 ads.pubmatic.com — Cisco Umbrella Rank: 439	35 KB
9	1rx.io 4 redirects tag.1rx.io — Cisco Umbrella Rank: 1277 sync.1rx.io — Cisco Umbrella Rank: 520	2 KB
9	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1462	209 KB
7	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 338	2 KB
7	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 24813	336 KB
6	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 559 eb2.3lift.com — Cisco Umbrella Rank: 414	4 KB
6	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 615 ce.lijit.com — Cisco Umbrella Rank: 917	3 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	40 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 511 www.linkedin.com — Cisco Umbrella Rank: 616 px4.ads.linkedin.com — Cisco Umbrella Rank: 4745	4 KB
5	serverbid.com e.serverbid.com — Cisco Umbrella Rank: 3242 sync.serverbid.com — Cisco Umbrella Rank: 6484 x.serverbid.com — Cisco Umbrella Rank: 11599	2 KB
5	quantserve.com 3 redirects secure.quantserve.com — Cisco Umbrella Rank: 987 pixel.quantserve.com — Cisco Umbrella Rank: 427	11 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	395 KB
4	zemanta.com 3 redirects b1sync.zemanta.com	2 KB
4	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 287	2 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 571	2 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 393 mug.criteo.com — Cisco Umbrella Rank: 2669	1 KB
4	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 407	742 KB
3	outbrain.com 3 redirects sync.outbrain.com	1 KB
3	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 1210 rtb-csync.smartadserver.com	1 KB
3	emxdgt.com 2 redirects cs.emxdgt.com — Cisco Umbrella Rank: 933	488 B
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 444	2 KB
3	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 658	5 KB
3	google.de www.google.de — Cisco Umbrella Rank: 5483 adservice.google.de — Cisco Umbrella Rank: 7678	1 KB
3	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1183	1 KB
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1057	337 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1842 mp.4dex.io — Cisco Umbrella Rank: 2444	24 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 214 kaspersky.demdex.net — Cisco Umbrella Rank: 324853	5 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 690	695 B
2	360yield.com 2 redirects ad.360yield.com	624 B
2	sportradarserving.com 2 redirects a.sportradarserving.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 435	624 B
2	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 1014	952 B
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 264	94 KB
2	everesttech.net 2 redirects cm.everesttech.net — Cisco Umbrella Rank: 1058 sync-tm.everesttech.net — Cisco Umbrella Rank: 572	748 B
2	omtrdc.net kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 276375	561 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1573 id5-sync.com — Cisco Umbrella Rank: 663	12 KB
2	kasperskycontenthub.com kasperskycontenthub.com — Cisco Umbrella Rank: 509648	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 175	70 KB
1	rlcdn.com id.rlcdn.com
1	smaato.net s.ad.smaato.net	239 B
1	socdm.com 1 redirects tg.socdm.com	688 B
1	contextweb.com 1 redirects bh.contextweb.com	388 B
1	bluekai.com 1 redirects stags.bluekai.com	1 KB
1	deepintent.com match.deepintent.com	44 B
1	technoratimedia.com 1 redirects sync.technoratimedia.com	339 B
1	ipredictive.com 1 redirects sync.ipredictive.com	433 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	578 B
1	bttrack.com bttrack.com	380 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 594	191 B
1	ad4m.at ad4m.at — Cisco Umbrella Rank: 2091
1	adentifi.com rtb.adentifi.com	47 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 728	755 B
1	yieldlift.com 1 redirects x.yieldlift.com	593 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 809	814 B
1	33across.com pixel.33across.com
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 939	3 KB
1	ipify.org geo.ipify.org — Cisco Umbrella Rank: 68993	619 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 918	353 B
1	t.co t.co — Cisco Umbrella Rank: 495	337 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 534	355 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 638	14 KB
1	gstatic.com www.gstatic.com	144 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1561	17 KB
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 145290	49 KB
0	adotmob.com Failed sync.adotmob.com Failed
379	79

	Domain	Requested by
32	threatpost.com	threatpost.com
16	tpc.googlesyndication.com	tagan.adlightning.com threatpost.com 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com cdn.ampproject.org
15	ib.adnxs.com	5 redirects qd.admetricspro.com cds.connatix.com acdn.adnxs.com eb2.3lift.com
14	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net u.openx.net eb2.3lift.com ssum-sec.casalemedia.com g2.gumgum.com
14	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com tpc.googlesyndication.com tagan.adlightning.com www.googletagservices.com
14	media.threatpost.com	threatpost.com
13	assets.threatpost.com	threatpost.com assets.threatpost.com
11	ads.servenobid.com	qd.admetricspro.com public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com ssbsync.smartadserver.com
10	usersync.gumgum.com	1 redirects g2.gumgum.com
10	cdn.ampproject.org	threatpost.com
9	tagan.adlightning.com	threatpost.com tagan.adlightning.com 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
8	capi-tier-1-us-east-2.connatix.com	cd.connatix.com
8	www.google.com	2 redirects threatpost.com tagan.adlightning.com
7	s.amazon-adsystem.com	4 redirects eb2.3lift.com ssum-sec.casalemedia.com
7	match.adsrvr.org	u.openx.net eb2.3lift.com sync.serverbid.com ssum-sec.casalemedia.com g2.gumgum.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	rtb.gumgum.com	g2.gumgum.com
6	ads.pubmatic.com	cds.connatix.com qd.admetricspro.com sync.serverbid.com public.servenobid.com g2.gumgum.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
6	vid.connatix.com	cd.connatix.com cds.connatix.com
6	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
5	pixel.rubiconproject.com	2 redirects public.servenobid.com g2.gumgum.com
5	ups.analytics.yahoo.com	4 redirects ssum-sec.casalemedia.com
5	eb2.3lift.com	3 redirects qd.admetricspro.com eb2.3lift.com
5	us-u.openx.net	1 redirects u.openx.net
5	tag.1rx.io	qd.admetricspro.com cds.connatix.com
5	www.googletagmanager.com	threatpost.com www.googletagmanager.com
5	cds.connatix.com	threatpost.com cd.connatix.com
5	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
4	sync.1rx.io	4 redirects
4	b1sync.zemanta.com	3 redirects ssbsync.smartadserver.com
4	x.bidswitch.net	3 redirects eb2.3lift.com
4	eus.rubiconproject.com	qd.admetricspro.com eus.rubiconproject.com g2.gumgum.com
4	c1.adform.net	4 redirects
4	eu-u.openx.net	u.openx.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com tagan.adlightning.com threatpost.com
4	pixel.quantserve.com	3 redirects threatpost.com
4	ap.lijit.com	qd.admetricspro.com sync.serverbid.com public.servenobid.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
3	aax-eu.amazon-adsystem.com	2 redirects
3	token.rubiconproject.com	3 redirects
3	sync.outbrain.com	3 redirects
3	pr-bh.ybp.yahoo.com	eb2.3lift.com g2.gumgum.com
3	cs.emxdgt.com	2 redirects sync.serverbid.com
3	sync.mathtag.com	3 redirects
3	acdn.adnxs.com	cds.connatix.com qd.admetricspro.com
3	u.openx.net	cds.connatix.com qd.admetricspro.com
3	js-sec.indexww.com	cds.connatix.com qd.admetricspro.com
3	px.ads.linkedin.com	2 redirects eb2.3lift.com
3	prebid.a-mo.net	1 redirects qd.admetricspro.com cds.connatix.com
3	teachingaids-d.openx.net	qd.admetricspro.com cds.connatix.com
3	c2shb.ssp.yahoo.com	qd.admetricspro.com
3	htlb.casalemedia.com	qd.admetricspro.com cds.connatix.com
3	hbopenbid.pubmatic.com	qd.admetricspro.com cds.connatix.com
3	btlr.sharethrough.com	qd.admetricspro.com
2	creativecdn.com	2 redirects
2	ad.360yield.com	2 redirects
2	a.sportradarserving.com	2 redirects
2	secure.adnxs.com	1 redirects ssum-sec.casalemedia.com
2	ce.lijit.com	2 redirects
2	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
2	pixel.advertising.com	2 redirects
2	sync.go.sonobi.com	sync.serverbid.com public.servenobid.com
2	x.serverbid.com	sync.serverbid.com
2	ssum-sec.casalemedia.com	1 redirects public.servenobid.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	9582686.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com	securepubads.g.doubleclick.net tagan.adlightning.com
2	adservice.google.com	tagan.adlightning.com 9582686.fls.doubleclick.net
2	c2shb.pubgw.yahoo.com	cds.connatix.com
2	www.google.de	threatpost.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	s0.2mdn.net	imasdk.googleapis.com tagan.adlightning.com
2	e.serverbid.com	qd.admetricspro.com sync.serverbid.com
2	script.4dex.io	qd.admetricspro.com script.4dex.io
2	kaspersky.d3.sc.omtrdc.net	media.kaspersky.com
2	img.connatix.com	threatpost.com
2	dpm.demdex.net	media.kaspersky.com threatpost.com
2	kasperskycontenthub.com	threatpost.com
2	www.googletagservices.com	threatpost.com 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
1	ads.yahoo.com
1	id.rlcdn.com
1	rtb-csync.smartadserver.com	ssbsync.smartadserver.com
1	s.ad.smaato.net	ssbsync.smartadserver.com
1	secure-assets.rubiconproject.com	1 redirects
1	tg.socdm.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	bh.contextweb.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	1 redirects
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	bttrack.com	g2.gumgum.com
1	pixel-sync.sitescout.com	ssum-sec.casalemedia.com
1	ad4m.at	ssum-sec.casalemedia.com
1	rtb.adentifi.com	ssum-sec.casalemedia.com
1	p.rfihub.com	1 redirects
1	x.yieldlift.com	1 redirects
1	onetag-sys.com	public.servenobid.com
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	sync.serverbid.com	qd.admetricspro.com
1	public.servenobid.com	qd.admetricspro.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	adservice.google.de	tagan.adlightning.com
1	snap.licdn.com	www.googletagmanager.com
1	geo.ipify.org	qd.admetricspro.com
1	id5-sync.com	cdn.id5-sync.com
1	rules.quantcount.com	secure.quantserve.com
1	t.co	threatpost.com
1	analytics.twitter.com	threatpost.com
1	mp.4dex.io	qd.admetricspro.com
1	tlx.3lift.com	qd.admetricspro.com
1	cm.everesttech.net	1 redirects
1	kaspersky.demdex.net	tagan.adlightning.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	ins.connatix.com	cd.connatix.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	capi.connatix.com	cd.connatix.com
1	cd.connatix.com	1 redirects
1	media.kaspersky.com	threatpost.com
0	sync.adotmob.com Failed	ssbsync.smartadserver.com
379	131

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
www.greathorn.com
media.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
assets.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
media.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-31` - `2023-03-31`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.d3.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-03-07`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.consumableaudio.com R3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.a-mo.net R3	`2022-04-19` - `2022-07-18`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-04-25` - `2022-07-18`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-11` - `2022-07-07`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-17`	a year	crt.sh
sync.serverbid.com Amazon	`2022-04-04` - `2023-05-03`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-28` - `2022-09-28`	6 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.gumgum.com Amazon	`2022-05-06` - `2023-06-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
adentifi.com Amazon	`2021-09-04` - `2022-10-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-11` - `2022-07-06`	6 months	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-05-02` - `2023-06-03`	a year	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
s.ad.smaato.net Amazon	`2021-09-21` - `2022-10-20`	a year	crt.sh
*.zemanta.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-29` - `2022-08-29`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh

This page contains 52 frames:

Primary Page: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Frame ID: CD2AC01745EB88866CF2919031BB6752
Requests: 148 HTTP requests in this frame

Frame: https://cds.connatix.com/p/163173/connatix.player.dc.js
Frame ID: 5A6351B46B5781AC35239D198270FDAA
Requests: 21 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: FBF68F118DB7E113CF57E3AF1507F107
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Frame ID: F1902240E2866CF959109D9F3A11074D
Requests: 16 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: C039D9116F1C59C01EC3478CE726A20A
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: 35D276C15FFB820A8023D899EF69189F
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html
Frame ID: EA78AE4C482500B80936661C1835462E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 828DDB7FF5F4C986247596C791060278
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D09868D3571016FD47C307B25F2C1977
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 071C9751AACFA9F2D089CD7809A319CC
Requests: 1 HTTP requests in this frame

Frame: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BC84442FC3E7AE6F6CB8312AF6EC71E9
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
Frame ID: 06B7CDB322E10DC14734671968B3A7AF
Requests: 2 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-b318b8b-eb6591db.js
Frame ID: CE1CB92F465154D49E88DCFA0350F79D
Requests: 15 HTTP requests in this frame

Frame: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4E1821B0E10AB6F5176F98C4F51461A9
Requests: 16 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-b318b8b-eb6591db.js
Frame ID: 0D53CFE1161691CBB8B9A3AB3974EA7E
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 701DD9868E1D21B65F9450BDA6C6DC32
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AA41975F146C2083537F287FE8BE878B
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMr9xPwCEOXgtpkDGKq16MkBMAE&v=APEucNXghWpoa1uFjNhuxnpgemaYdoLcJnFVljLgZ95zN1rrN1kIh2_1tfEUgxpq0kl9yhOL3EtangXmE3406RGO3ONS_JHUMCcoZ3AZSIDIdOOP-XCTHi8
Frame ID: F8BB8FE66248D4086B751615B1AAC5F7
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 56FF737554E7C8F7591BB9E1B445F176
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A56202DBAF59FCCB0F92C5A3ABB51731
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: AC76A5AAE802C08BA26013D987CB3BAB
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 2AE38E6E7DC7403BD1C3CCC5F44A7B5D
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: FE8E03C2180375B54F2A85E6A83FCE6C
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F260391EF18C3CECC5EE6545467953BD
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 49254E932FA903955063C2C9116C222A
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 19680AF38560912277119CD12058F012
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 3BE4D0284C97C31653BCA59BCD3983D7
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858
Frame ID: D29C0194FC0AFEC3F6E06717ADFFC806
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 637430FDB5E17C8112F88204C8B4843A
Requests: 11 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 7D641CFF62D5FF9BB199933A94298387
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: A965EFEC0AF6506F0523FDFF4B3B864A
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: 6A8083FB879B00FF5E23F967B62A197D
Requests: 1 HTTP requests in this frame

Frame: https://sync.serverbid.com/ss/2000891.html
Frame ID: E43B854EFBE92F81E27B5FD8F4B159EE
Requests: 8 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 0B3B5A3C97BD1802DBDE830314C197D5
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 29499DE1762967281585353AE2651B26
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7292F6A873226F3F3E9557693E801763
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Frame ID: 2ED4AF4034906FAB2877C1530AA21BFC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: 0C1A53E14138F63D919B9071FC864CAE
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 4133F743F68696AF04C84E9AC13C2636
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: BABE40EFD064925C39C445726012D338
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 544ED9EABF633BEE51900BAAE8A5B018
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 35E8A9EFA10EC9F949C5FADCE59F0923
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 8CE5895011E522BD4DE92739512FC12C
Requests: 10 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=69836286-6304-4200-a654-13da65e66f4a&gdpr=0&gdpr_consent=
Frame ID: 33CE1E887360743DA11C40A47D6CB8EC
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YoZjAQAAALEWpANn&gdpr=0&gdpr_consent=
Frame ID: AE243CDDA1894EEDDBB6E40635CFF926
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9kOTUwY2Y0NS1jODFlLTRkMTQtYTdhNC1lMDEyYjE1OGMwNzI=&gdpr=0&gdpr_consent=
Frame ID: BEEE0705309E15FA48EEF0ADC406DE33
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 6473558CF0C1B675E280792F7E60A9AD
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: CB2F7D0E09011AE340B1B3F7B34F0B48
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=4428542190750113826brt289211652974343931273f1
Frame ID: 3311EEC859B3A283FDB0A22B9115709E
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YoZjCMCo8X4AAMKJrm4AAAAA
Frame ID: 921A38A770140F5456E8BF0C36EC419B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=MXU6CFn77sThbZKvmnVX&pi=gumgum&tc=1
Frame ID: 8383B49D41B75D132F4025567A57B8D6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 3A01D7191AAC41539BAC352FA3BD3530
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Malformed URL Prefix Phishing Attacks Spike 6,000% | Threatpost

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

379
Requests

85 %
HTTPS

28 %
IPv6

79
Domains

131
Subdomains

95
IPs

8
Countries

5826 kB
Transfer

13428 kB
Size

87
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Title: malformed URL prefixes

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/09015533/ThreatpostMK_TEMPLATE.pdf
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/163173/connatix.player.dc.js

Request Chain 97

https://cm.everesttech.net/cm/dd?d_uuid=05541802692311294312005650498476980360 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YoZjAQAAALEWpANn

Request Chain 180

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1652974338722%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQJ4WF43cx-lWgAAAYDc8sS2Rlj5OHdYqhGGyRxQNgc1gOIQDKS_ed3SuUFOQaUcs5EBHvJE

Request Chain 185

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F HTTP 302
https://9582686.fls.doubleclick.net/activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Request Chain 229

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 231

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 236

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0

Request Chain 237

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoZjBB5Gz2Mr607LjzNzCQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0

Request Chain 252

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=t2UiJnx0ZDcxMVRHOVJZRTZ2akdPVTZTNVUvUHRBZUVreE5EbnFYSTQySmErcDJLdnB5Wjc2bC9YbWtjYWg2SVp2ajBJVktpN29JMGNuN2w4TklqYzFhbDJpUWNPbS9UeXdhM2ZXZ3RxVklMYXZhS1daTmdkRjR3SnhhL3pxRHloMm02Qnc5RUVPSE8yUE10azNXN2lxQWhXRXlvWnphZzl4T2E2MFpwWGV2TjlFSUFWNE5ER25VMkhBaXNrMFp5cUx1SkxMVlZPVzBHaXlNSGI0UEM3aU1BSjNNK2pCMnNLWkx2NEJFZjFDZ0Q2ZDhjPXw&cppv=2

Request Chain 262

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=69836286-6304-4200-a654-13da65e66f4a

Request Chain 263

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa

Request Chain 264

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7552591904104620069

Request Chain 267

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1

Request Chain 268

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b2de6286-6305-4700-a8e5-7fb8a8892237

Request Chain 269

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa

Request Chain 270

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4740624511943531446

Request Chain 273

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1

Request Chain 274

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 275

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 286

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 292

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YoZjBB5Gz2Mr607LjzNzCQAA%261111

Request Chain 295

https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=4428542190750113826

Request Chain 296

https://pixel.advertising.com/ups/56621/occ HTTP 302
https://pixel.advertising.com/ups/56621/occ?verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPe15e7214-d788-11ec-a421-068f2ada2e5e HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPe15e7214-d788-11ec-a421-068f2ada2e5e&verify=true HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPe15e7214-d788-11ec-a421-068f2ada2e5e

Request Chain 298

https://eb2.3lift.com/ebda?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3

Request Chain 300

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3

Request Chain 304

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=994320522538818905947 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=994320522538818905947&dcc=t

Request Chain 305

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 316

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=4428542190750113826

Request Chain 317

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=EqtEqRZHv1CWWl6EQey_Zr-v

Request Chain 319

https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID HTTP 301
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTZkYWM2NzAtZjM3Yi00YTEzLWFmZWEtMzA4YWNmMTk0ZThiIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0xOVQxNTozMjoyNC4xNzc5MzlaIn0=

Request Chain 320

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1652974343867 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT

Request Chain 321

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5133329521251074453

Request Chain 323

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=440bd644-5094-4cb1-80aa-73130f3c5a38&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 324

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-QxUHxpJE2uHkaTGCjsXWXcOICgzYvO4T2VxxBoQ-~A

Request Chain 327

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB&dcc=t

Request Chain 334

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=4428542190750113826

Request Chain 335

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_d950cf45-c81e-4d14-a7a4-e012b158c072&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_d950cf45-c81e-4d14-a7a4-e012b158c072&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=a27a796e-9d3b-4a38-8de3-5487f708977d&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=4ba7c650-1e0f-4411-8e2f-ba7bf77b04bf

Request Chain 336

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28i3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28i3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_d950cf45-c81e-4d14-a7a4-e012b158c072&obuid=ENC(i3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3Di3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq

Request Chain 337

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=7a4f3432-3b89-4ca8-bdb5-e18d5394f2a9

Request Chain 338

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-b461d99d-0837-43fc-52af-e49189bebf30$ip$185.213.155.162

Request Chain 340

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=vnt&i=e1d724d6-d788-11ec-9ab9-6303bc30f4d1

Request Chain 341

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
https://usersync.gumgum.com/usersync?b=snc&i=GDPR

Request Chain 343

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_d950cf45-c81e-4d14-a7a4-e012b158c072&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=9ugVZ5NallhAZUgfCKnz&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2OLVM5LFUNKOMFWGY2CBLJKWOZSDJNXHUJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2OLVM5LFUNKOMFWGY2CBLJKWOZSDJNXHUJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=9ugVZ5NallhAZUgfCKnz&us_privacy=1---

Request Chain 344

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=89f917cc-dde4-449b-9d10-f4f57928626c

Request Chain 345

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1652974343930 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT

Request Chain 346

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://usersync.gumgum.com/usersync?b=pln&i=AlesviNFAPkv&ev=1&pid=558355

Request Chain 349

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://usersync.gumgum.com/usersync?b=mmh&i=69836286-6304-4200-a654-13da65e66f4a&gdpr=0&gdpr_consent=

Request Chain 350

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=YoZjAQAAALEWpANn&gdpr=0&gdpr_consent=

Request Chain 354

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=4428542190750113826&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
https://usersync.gumgum.com/usersync?b=emx&uid=4428542190750113826brt289211652974343931273f1

Request Chain 355

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YoZjCMCo8X4AAMKJrm4AAAAA

Request Chain 356

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=MXU6CFn77sThbZKvmnVX&pi=gumgum&tc=1

Request Chain 357

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 362

https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=firrAH4r4wRlKrIHcHr-BXkq5gVlLeIFfSDqfTNH

Request Chain 364

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNENjhQWjctSi1FM1Ux

Request Chain 365

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=e1WO5yj6TJiaqwKRCsS-oQ&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=e1WO5yj6TJiaqwKRCsS-oQ

Request Chain 366

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/uS1XrwdxNlmirCOxRdQ46A?csrc=

Request Chain 368

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA-vxA33qiFyP7Msrr2d6O0&google_cver=1

Request Chain 370

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3D68PZ7-J-E3U1&sigv=1&esig=2~7db51d16fcea296bf62361255bef3d0ccd2e8185

Request Chain 371

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3sfqawbURzKCM0ffXxHZCg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3sfqawbURzKCM0ffXxHZCg

379 HTTP transactions
-3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ 86 KB
22 KB 2622ms
2422ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

68c517dfcdaded08f308c9a19b2be3f967b7988e08ce0551cf974d3939b2b649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 May 2022 15:32:15 GMT
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/164132>; rel="alternate"; type="application/json" <https://threatpost.com/?p=164132>; rel=shortlink
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Debug-Auth: off
X-Frame-Options: SAMEORIGIN
X-Request-Host: threatpost.com
X-XSS-Protection: 1; mode=block
x-cache-hit: MISS

GET
H/1.1 200
OK museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
15 KB 382ms
190ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-3ca8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15528

GET
H/1.1 200
OK museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 387ms
196ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: "627df889-5124"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20772

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 383ms
190ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: "627df889-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15820

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 383ms
190ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20900

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 384ms
190ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23668

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 386ms
191ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20884

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 765ms
192ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23468

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 768ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: "627df889-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20920

GET
H/1.1 200
OK museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 769ms
190ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-5b34"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23348

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 769ms
191ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:16 GMT
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: "627df889-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20680

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 45 KB
19 KB 94ms
9ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c209f49366106ec532e4626d9ec2b7f9e774a480fb5dd249d10b66ad256869f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 1inqCqdroXvIHNjoOdGU0P6V8FF4ZouG
content-encoding: gzip
etag: "179bf9d1cc8395b29b1b959e2edc7e26"
age: 2114
x-cache: Hit from cloudfront
content-length: 18602
x-amz-meta-git_commit: 7b120a5
last-modified: Wed, 18 May 2022 18:21:03 GMT
server: AmazonS3
date: Thu, 19 May 2022 15:08:03 GMT
content-type: application/javascript
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: 9tUC71CQndkrg89t2uGxqwmgOwQX8Xdi66SohtKWb1Hm3yIc1iY1MA==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
29 KB 133ms
48ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa34ff64c1412b8fca238da1a4b3b30a7f4ca91e59039857d14606c27425e62f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28970
x-xss-protection: 0
server: sffe
etag: "1219 / 433 of 1000 / last-modified: 1652958421"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
4 KB 187ms
152ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 16:11:01 GMT
server: cloudflare
etag: W/"679a-5dc26d73770fc-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NnLwBv7Z9qbn6hmEPf7vxhJjSmqaV0NvMcvK20oZG7V88LT0EGpCPdaAXuDWe6Z7o4Km6uNa6AwWNb%2BHcPO27wmnRhepMaN7xyKi0Y%2B7mU%2BxOgKVnWFNhoYJH62o%2F%2FiqvJljkWGcp51StBj7m1m9udw7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 70dde2605b309004-FRA
expires: Thu, 19 May 2022 15:37:03 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 332ms
330ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ek8aFuBoi8x0IpkE7WLQIiAE6Op6vi9J2yG3ZImvboiyubV0H%2BccrZISr9XJbZC5UjjWZ6jovPgRb1lcXzT%2BqWt118uOSXCd%2F6jlFBWsum1%2FmDSnt%2Bjclq9Urzr14KXY1QhSjzbr75X9o%2BHnPBppgrD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 70dde266c8ad9004-FRA
expires: Thu, 19 May 2022 15:37:06 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 168ms
166ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWar%2B%2FAmg2tEsL29ht0FqADx6IJpZGAfORJoGv6jyNwhiy%2B1or%2Fj3m5wNhErPAGhk9fqcdZdb3N8iiSJbDHatR9Z31eromKkcjIuXX7KljQX7bXHi5RKVC1tdiTF1vIyHW74EtMmRcTep6GLgc3PACXR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 70dde266c8b19004-FRA
expires: Thu, 19 May 2022 15:37:06 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 393 B
555 B 154ms
152ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 21:50:12 GMT
server: cloudflare
etag: W/"189-5c8c2c96f96c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2vLoqUyHWpIu6yM3MXP9%2BEy236zsNPBcctGix96Qeqi%2BZhGCij1KhCFRD1WMj%2BBxraNFjA3VrXC3zhAFRvBk7oOqrMN%2BTCg7X%2B7bZzMraF%2BbFWh9s6xiID0ie7A%2FLEZGfUA22BalNOFDrXZWibyBXBsT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 70dde266c8b39004-FRA
expires: Thu, 19 May 2022 15:37:06 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 459 KB
131 KB 225ms
223ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a7e2f2daef118825ab8bb58bc3cd9dbb3c83cb84772a08f6c5758d706fef173

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 02 May 2022 16:56:40 GMT
server: cloudflare
etag: W/"72c32-5de0a46b45676-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IKm5aK88FKXyOtIWVgLhBLPbwSxYOyCnFq7N9RHHmGtjwbXLC4L1uWXtwkCoTY6qim89muCfBrubE5hCuIVSEscKqgu0eYQijSUXq%2Fuc1QNcPvcd%2F2PttM07pUDXNNNF%2FAAfq2S7miP7FkVvaVtCS9Bc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 70dde266c8b79004-FRA
expires: Thu, 19 May 2022 15:37:06 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 35 KB
11 KB 187ms
153ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 24 Jan 2022 02:31:38 GMT
server: cloudflare
etag: W/"8cae-5d64ac49b9c1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHTCzQYlZoeGvfNlHoP8Y%2BAfFofQIr0nk8V7ZO2%2FQBTweLrtjv9zdROyP5R7u9rwI8CJRg3zR%2FtMCfmRKhkhqgpquOXgaMUahfeRidO%2FFIMURLJDNijOLTwctgd10ebpS0CUvr6HlwUlrHronAg9zS6h"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 70dde2605b339004-FRA
expires: Thu, 19 May 2022 15:37:03 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 294 KB
42 KB 585ms
423ms Stylesheet
text/css 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:16 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
content-length: 42696
x-cache-hit: HIT
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 6Mopyexk0yDhKFfqpNivO7Oc2kjiL9ACX4Ft5LEZIARmxHxJ8o2SqQ==
expires: Fri, 20 May 2022 13:20:02 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 769ms
191ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:16 GMT

GET
H/1.1 200
OK alert_text.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 107 B
461 B 674ms
96ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1652422792
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-6b"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:16 GMT

GET
H/1.1 200
OK alert.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 4 KB
2 KB 963ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1652422792
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-104a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:16 GMT

GET
H/1.1 200
OK public.js Show response
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 116 B
495 B 1051ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jun 2014 19:20:42 GMT
Server: nginx
ETag: W/"5398ac0a-74"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK kaspersky-twitter-pullquote.js Show response
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 599 B
713 B 1057ms
96ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-257"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK loadmore.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 4 KB
2 KB 1057ms
96ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-11e7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK social-share.js Show response
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 18 KB
6 KB 1059ms
96ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-484d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H2 200 phish-fish-e1591191632979.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/06/03094019/ 53 KB
54 KB 60ms
26ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/06/03094019/phish-fish-e1591191632979.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1267fb5f954298273455537282a988283137c3ebeb9bef9f99d653a0a7ccd71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 14 May 2022 16:21:49 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Wed, 03 Jun 2020 13:40:33 GMT
server: AmazonS3
age: 429029
etag: "26a41fc5fbb3f72019285056105bd717"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA53-C1
accept-ranges: bytes
content-length: 54467
x-amz-cf-id: AawZmi0-DNn8SQFbrhjfbhX7xV3fU8ECZwKc649RynqkBlAG8wDgLQ==
expires: Thu, 03 Jun 2021 13:40:32 GMT

GET
H2 200 SMB-webinar-promo-article-b.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/17150450/ 157 KB
157 KB 54ms
20ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/17150450/SMB-webinar-promo-article-b.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 793c1fa20d428c9cc9f0af0179d9de217c124f5d19d31c6b36878ba793bbacd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 21:40:07 GMT
via: 1.1 1f0db25765b79d244ad1fa2184395c12.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 20:04:51 GMT
server: AmazonS3
age: 4729931
etag: "a2fa17a9d3c4987c5c58e2be2ebd9669"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 160257
x-amz-cf-id: -uq-5l9Ne8-_SBIwGoBKw91SFbuhQah3ycEKvj8tZaIX0MX4Jarhpg==
expires: Thu, 17 Feb 2022 20:04:50 GMT

GET
H/1.1 200
OK scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
1 KB 300ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-828"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
969 B 148ms
61ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0b6d64335ce4d54221edf2500663a9fca03081bfa7711e4dd4fa69b031255bd5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 3 KB
1 KB 288ms
96ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: W/"627df888-ab4"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H2 200 s_code_single_suite.js Show response
media.kaspersky.com/tracking/omniture/ 173 KB
49 KB 98ms
11ms Script
application/javascript 185.85.15.23
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

185.85.15.23 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "8064ef82ed4fd81:0"
x-powered-by: Kaspersky Labs, Kaspersky Labs
alt-svc: h3=":443"; ma=86400
content-length: 49335
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Apr 2022 10:50:53 GMT
server
x-frame-options: SAMEORIGIN
date: Thu, 19 May 2022 15:32:16 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
x-server: fr1/FRA3
accept-ranges: bytes
x-content-type-options: nosniff

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 114 KB
40 KB 388ms
195ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: W/"627df889-1c643"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 294ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2022 19:23:48 GMT
Server: nginx
ETag: W/"624c9744-195e"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 19 KB
8 KB 291ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2022 19:23:48 GMT
Server: nginx
ETag: W/"624c9744-4b3d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK dom-ready.min.js Show response
threatpost.com/wp-includes/js/dist/ 1 KB
989 B 293ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2022 19:23:48 GMT
Server: nginx
ETag: W/"624c9744-4e9"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK hooks.min.js Show response
threatpost.com/wp-includes/js/dist/ 6 KB
2 KB 295ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2022 19:23:48 GMT
Server: nginx
ETag: W/"624c9744-163a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK i18n.min.js Show response
threatpost.com/wp-includes/js/dist/ 10 KB
4 KB 290ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2022 19:23:48 GMT
Server: nginx
ETag: W/"624c9744-28a7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK a11y.min.js Show response
threatpost.com/wp-includes/js/dist/ 3 KB
2 KB 287ms
96ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2022 19:23:48 GMT
Server: nginx
ETag: W/"624c9744-bfd"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK jquery.json.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 290ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: W/"627df889-730"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 43 KB
15 KB 384ms
190ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: W/"627df889-abe0"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK conditional_logic.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 8 KB
3 KB 291ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: W/"627df889-213f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H/1.1 200
OK placeholders.jquery.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 293ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: public
Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: W/"627df889-121f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 26 May 2022 15:32:17 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 43ms
7ms Script
application/javascript 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
content-encoding: gzip
etag: 4abd427e43cd6822329a2c05539e321f
age: 547
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 10DBXATH0YXVA7ZBHB9J
date: Thu, 19 May 2022 15:23:10 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: aODOr3TovZ9gztHtqZjFk2TqQVDn5qcZVh957kivmWJEt_8DMjpdvw==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/163173/ Frame 5A63
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/163173/connatix.player.dc.js

890 KB
208 KB

13ms
6ms

Script
application/javascript

151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/163173/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 925485cf72cfee85c7d4314f248c2266bfaab77169e02abd39b1c0498236ba0b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:16 GMT
content-encoding: br
last-modified: Thu, 19 May 2022 12:48:43 GMT
age: 9733
etag: "6444bd168b1f569c4cbea91adb08efb0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 212410

Redirect headers

location: https://cds.connatix.com/p/163173/connatix.player.dc.js
date: Thu, 19 May 2022 15:32:16 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/163173/ Frame 5A63 0
47 KB 9ms
9ms Other
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:16 GMT
content-encoding: br
last-modified: Thu, 19 May 2022 12:48:43 GMT
age: 9733
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
399 B 346ms
154ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1660632660&back=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:17 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: MISS
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 185 KB
62 KB 140ms
57ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3dcf83db83d5857d4a1065397e57ce872deaa98188cf855f2a7a712a5fa509b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63097
x-xss-protection: 0
last-modified: Thu, 19 May 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 485 KB
115 KB 200ms
122ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

35710df3c9cf3ed611809bce437cce9674307cd6a1ae2027a0e3f30ec1008ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117641
x-xss-protection: 0
last-modified: Thu, 19 May 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
13 KB 291ms
98ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:17 GMT
Last-Modified: Fri, 13 May 2022 06:19:53 GMT
Server: nginx
ETag: "627df889-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
13 KB 289ms
96ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:17 GMT
Last-Modified: Fri, 13 May 2022 06:19:52 GMT
Server: nginx
ETag: "627df888-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H2 200 logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 364ms
364ms Image
image/png 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: public
date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:52 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df888-4a32"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
x-amz-cf-id: vq6oBrOn6BfJyCeBxjAoHmncOwKjrxqXN_NwO5Tbq60S3Cb_3Sv1ig==
expires: Thu, 26 May 2022 15:32:17 GMT

GET
H2 200 mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
1 KB 276ms
274ms Image
image/svg+xml 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:52 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df888-33c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 828
x-amz-cf-id: 1pCTg1KKVI9auntt5y4F3npGuXN9Kq9nMb3_48JoIjIWGdDnLL5aBw==

GET
H2 200 museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 421ms
401ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df889-51a4"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20900
x-amz-cf-id: E0uqTpM283Czcnhs6oYtru8rgQW-dsg4yZwwwqW0UDJIMgBx8w2Lag==

GET
H2 200 museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 407ms
388ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:52 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df888-50c8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20680
x-amz-cf-id: tjeESmvsluewhv1DCcRIlecfERwW4gX9fGyFL_sie8qQ0fpVEhFWAw==

GET
H2 200 museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 415ms
396ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df889-51b8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20920
x-amz-cf-id: r4nBHzAdqrNLHzcORTrJywpwvKESKFaR3__8e_jtEJqbmjmx3mVfrA==

GET
H2 200 museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 413ms
394ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df889-5194"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20884
x-amz-cf-id: FDNb-zljuvCRlAFcRQ0BsV03dz3rxIa5UNu9b5j-3DWZqgxbDg58qQ==

GET
H2 200 museosans-300italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 417ms
398ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df889-5bac"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23468
x-amz-cf-id: dzpaeIAshjqwspGmGctrbcIwHOm5_P7FQ8GKKiJGW4oNjqrJmjfS3w==

GET
H2 200 museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 408ms
389ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:52 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df888-3dcc"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15820
x-amz-cf-id: LDV8XfOsxsLKCpJ6MsOj6BL9FRwVA2g4bpRTlbNLl4qMx8LVd30bIg==

GET
H2 200 Becky-Bracken-pic.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/07/10041056/ 39 KB
39 KB 39ms
13ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/07/10041056/Becky-Bracken-pic.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 949ce08c8b86d6d986c1dd7043588e95515b6cd7f799575317d19705543d500c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 09:15:17 GMT
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Mon, 17 Aug 2020 13:15:29 GMT
server: AmazonS3
age: 9094621
etag: "e1cab0c2364107ab6eae069ca14087d7"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 39625
x-amz-cf-id: LISdHLcbavVuB9K_tIqSH0kex-Pv_czBioLcqCG7XgVV8oxgD45UeQ==
expires: Tue, 17 Aug 2021 13:15:28 GMT

GET
H2 200 phishing-captcha-image-300x161.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160657/ 5 KB
5 KB 23ms
22ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160657/phishing-captcha-image-300x161.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b713c4d60db13b6748f0e57674ff4a364c1ee805223c52786c9ce2ea8d07a8fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 14:55:58 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 21:06:59 GMT
server: AmazonS3
age: 174980
etag: "ede1a653b858bf57bdc048bbbecd1a20"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 4850
x-amz-cf-id: CL5GD9IUpr8B9Wg7_Is4TxmI3npr9HETjIJFlwwm4wIktPmDhpZ6hA==
expires: Sat, 19 Feb 2022 21:06:57 GMT

GET
H2 200 phishing-sign-in-page-300x161.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160718/ 7 KB
8 KB 34ms
33ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160718/phishing-sign-in-page-300x161.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e9eefb59277748bb91f68907a4ddbc3d5ff18307fb8af50285f925427145afd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 17 May 2022 14:55:58 GMT
via: 1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 21:07:20 GMT
server: AmazonS3
age: 174980
etag: "d58d99202d89890c159ffefc908f5123"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA53-C1
accept-ranges: bytes
content-length: 7490
x-amz-cf-id: D57F1YssfZxeo29TtrWPE5dQIdaC-z5nw2oWNmkCZ0d78cLUUB4wlA==
expires: Sat, 19 Feb 2022 21:07:18 GMT

GET
H2 200 phishing-email-example-300x222.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160706/ 12 KB
12 KB 21ms
20ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/19160706/phishing-email-example-300x222.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0a4d16aad94ac27eb35c9707b8a74b3c383baaccac7d80fbd2822830c52cc18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 17:32:19 GMT
via: 1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 21:07:07 GMT
server: AmazonS3
age: 79199
etag: "43cfb6a96f4a9bc4db7cefb691260490"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA53-C1
accept-ranges: bytes
content-length: 12175
x-amz-cf-id: Yv_RYfDnZQWgr7FoQPEbCJlMS8jZ6fOo8XxtFVrCgpi-HmJxhggnmQ==
expires: Sat, 19 Feb 2022 21:07:06 GMT

GET
H2 200 WordPress-patch-dlya-XSS-700x412-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/04/12095249/ 37 KB
38 KB 10ms
9ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/04/12095249/WordPress-patch-dlya-XSS-700x412-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0340e47a052358849c251cc81c5ba45672719b26527d3422c70fcc3336048124

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 17 Apr 2022 06:28:33 GMT
via: 1.1 83f1b8f73f37458f38e2ee1fc0b9e68c.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Fri, 12 Apr 2019 13:52:52 GMT
server: AmazonS3
age: 2797425
etag: "3354e965a8c7ba1643cbb433a009cdf9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 38116
x-amz-cf-id: yiccyak62yb2Xjn2AYZAOdC1SpPrTC6SaUH2szhTFlLrxxWqR5Qx9g==
expires: Sat, 11 Apr 2020 13:52:49 GMT

GET
H2 200 malware-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/02160341/ 36 KB
36 KB 11ms
10ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/02160341/malware-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6071600aa19773525efd4442285dd47099627b02e78b66c993ba4fcef3a74a7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 13 May 2022 12:06:44 GMT
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Tue, 02 Feb 2021 21:03:45 GMT
server: AmazonS3
age: 530734
etag: "dc548f30824ec0d472fc36e775b7739a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 36473
x-amz-cf-id: DLOhtlN5i0CbivdhMSr8hXe0XTTcoG-h7rsoSfJ3YRlzr5Zep2AMdA==
expires: Wed, 02 Feb 2022 21:03:44 GMT

GET
H2 200 remote_desktop_abstract-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/05/05082831/ 35 KB
36 KB 12ms
12ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/05/05082831/remote_desktop_abstract-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61a4a83ec405dc0c1f5d350301d60240ac9023d53d43749ec1a86cf34d482306

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 05 May 2022 12:29:37 GMT
via: 1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Thu, 05 May 2022 12:28:37 GMT
server: AmazonS3
age: 1220561
etag: "3e038735e465d9441c4ae4e87c448588"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 36029
x-amz-cf-id: TAlwhRjeEucqIdT9RjXmg7ypKBlIf2eXLM7_YAYmUUWImBzwBlTXQw==
expires: Fri, 05 May 2023 12:28:36 GMT

GET
H2 200 DDoS-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/10120505/ 2 KB
2 KB 39ms
12ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/10120505/DDoS-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc8ae1c2826f713cc3dff20cde6078ba57bec99397f4d61dae38cd82b0f5b48c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 11:59:29 GMT
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Fri, 10 Sep 2021 16:05:09 GMT
server: AmazonS3
age: 617569
etag: "a5c5593abb184fca0fb91da48fe02ef6"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 1804
x-amz-cf-id: UqlOFDFxyvqHzIAuNjdG-wVpDWHK8WIaVlFDfGsCt48n2wEjXBw8Ag==
expires: Sat, 10 Sep 2022 16:05:08 GMT

GET
H2 200 cloud_web_app-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/ 3 KB
3 KB 39ms
12ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/cloud_web_app-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f8e26c6e3747211b9e868590efacffe3e5fda8c33df14ea69aeb09b0270064c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 05 May 2022 13:00:36 GMT
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Tue, 05 Jan 2021 22:08:25 GMT
server: AmazonS3
age: 1218702
etag: "467b7391215e33f5cb19813268f1a4cd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA53-C1
accept-ranges: bytes
content-length: 2755
x-amz-cf-id: v3sZLVKKXOLtwFpR1RcBlK8pLVHmcHNp12EFlFDxdEJhm2etM26-NA==
expires: Wed, 05 Jan 2022 22:08:24 GMT

GET
H2 200 Work-from-Home-WFH-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/ 2 KB
2 KB 38ms
12ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/Work-from-Home-WFH-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 851913072ba36e6383ee40856fa3dea9ed4c5f03b4e3effb6a3841aab3840d26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:41:42 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Fri, 03 Apr 2020 21:48:22 GMT
server: AmazonS3
age: 1479036
etag: "8935e353d0d7393d74a9d2a3c8feec32"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA53-C1
accept-ranges: bytes
content-length: 2024
x-amz-cf-id: xa1NX5F2ozlVkz5uawJFs3mRM7Cd9oL_PVSxPo8CyyNPLCVTUjNn3w==
expires: Sat, 03 Apr 2021 21:48:21 GMT

GET
H2 200 bug-fix-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/ 2 KB
2 KB 38ms
12ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/bug-fix-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5232056dc8a22734e95ac2a205b7ccdec0416eba47e4234cb9113f1443a6d33c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 10:57:47 GMT
via: 1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Tue, 14 May 2019 20:00:21 GMT
server: AmazonS3
age: 2349271
etag: "c443edcced46f1920f25254b3679e95a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 1569
x-amz-cf-id: uahdarwJxcWC7rFAdxi7rvb10rFPjcFATG1gPY4-vuqtMVjDzbaLWQ==
expires: Wed, 13 May 2020 20:00:18 GMT

GET
H2 200 14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 2 KB
3 KB 38ms
12ms Image
image/jpeg 2600:9000:214f:c400:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:c400:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 15:57:05 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
last-modified: Tue, 01 Mar 2022 20:47:09 GMT
server: AmazonS3
age: 6219313
etag: "502f5a6c66ba05c0831f656eb6cc29dd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA53-C1
accept-ranges: bytes
content-length: 2476
x-amz-cf-id: doIBKS89lmu6Q6JLiYLzSI9yIuP2eQNLF-jFSCzTPU7hxZOG1oBp2w==
expires: Wed, 01 Mar 2023 20:47:08 GMT

GET
H2 200 player.css
cds.connatix.com/p/163173/ 57 KB
9 KB 7ms
7ms Stylesheet
text/css 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/163173/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: daf028afc101da7201cb211f9786b6a36f6bf60ad836dfe991306140efca2432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
last-modified: Thu, 19 May 2022 12:48:43 GMT
age: 9733
etag: "ea2f9ede807e1b050a71617a64dba818"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8709

GET
H2 200 mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
1 KB 276ms
276ms Image
image/svg+xml 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:52 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df888-32c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 812
x-amz-cf-id: SMXCleDFbSw51tABp8eTw9QlKe-5DKmUWTE6TWi9njMCAsaH3XC6tg==

GET
H2 200 logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 277ms
277ms Image
image/png 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: public
date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df889-260a"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
x-amz-cf-id: wcP7s8MHj2cvund0y7eUFrNjPm-f9KXDWOoKvXpCFIWrOu6h3wTuJw==
expires: Thu, 26 May 2022 15:32:17 GMT

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame 5A63 9 KB
4 KB 149ms
142ms XHR
application/x-protobuf 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 41b56530c0fd096b5fee847014b2c02531a999cb5a11a3aa82e578448ee06838

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-max-age: 86400
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 3821

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 73 KB
28 KB 8ms
8ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 19852407
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: x7BZwQ9Tzyowz81G3Trocvtz-aA30Ljkt_uHDEYKJD0rKc-RNjR8Fg==

GET
H2 200 bl-b318b8b-eb6591db.js Show response
tagan.adlightning.com/math-aids-threatpost/ 47 KB
20 KB 8ms
8ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-b318b8b-eb6591db.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 774f2434b1fe7dd4390dc990faeac81493165957972002b126e0a4d14720a194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:38:07 GMT
content-encoding: gzip
age: 75251
x-cache: Hit from cloudfront
content-length: 19745
x-amz-meta-git_commit: b318b8b
last-modified: Wed, 18 May 2022 18:20:00 GMT
server: AmazonS3
etag: "9e4155727e5fcd7430fa89390a19b267"
x-amz-version-id: .qaRnGUeAvfTLcnXgCiu2MkvhXKhlmu8
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: eSDr6ymTh24CHZ6kTf9IE9rIseybrb_VJPm1CkhF2G810YURIipfjA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1018 B 9ms
8ms XHR
application/json 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 10:13:52 GMT
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
server: Server
age: 19105
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C1
content-length: 662
x-amz-cf-id: Tk69iTOnsyDunBWf7cdlgAyam_o-9xMfAZmYIYEKfPyDqmmOBB510w==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 24ms
8ms XHR
application/javascript 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-173.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 05:30:38 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 36100
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 28 Apr 2022 01:41:20 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
via: 1.1 afcdbc9d4d397c4a65e6b312552ff7ee.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: cAAV8uh1fcR4JMxGPjF123jZv94gJKbRprf1OXEmXNubU8SVq02ZZA==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 40ms
9ms Script
application/javascript 23.206.210.112
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.210.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-206-210-112.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Thu, 19 May 2022 15:47:17 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 41ms
9ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:29:46 GMT
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 11181
x-request-id: 629179981

GET
H2 200 insights.bin Show response
ins.connatix.com/f7f65e89a785dc99fc24f84b9dcad010/ Frame 5A63 216 B
395 B 33ms
7ms XHR
application/octet-stream 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/f7f65e89a785dc99fc24f84b9dcad010/insights.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7311e76d0df711b21ef501b880bf5c372883d7f635a020637403b830fc68fd39

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
last-modified: Thu, 12 May 2022 11:36:59 GMT
age: 193461
etag: "296986dfbb9bba4b6b1e4af0acdc16b6"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 157

GET
H2 200 pubads_impl_2022051601.js Show response
securepubads.g.doubleclick.net/gpt/ 369 KB
126 KB 136ms
39ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

65ac8994c1c17920b580a1d55d69bd021a3f35fba06c228f47733751a18d2a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 12:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12708
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127938
x-xss-protection: 0
last-modified: Mon, 16 May 2022 08:38:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 19 May 2023 12:00:29 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 141 B
737 B 146ms
50ms XHR
application/json 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101
x-xss-protection: 0
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/0aeEuuJmrVqDrEL39Fsg5-UJ/ 364 KB
144 KB 120ms
37ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/0aeEuuJmrVqDrEL39Fsg5-UJ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

411a8ae4e9c823011e6f526f20d2b75f7df34203460c5af36470331dd3eda4bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 14:44:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147159
x-xss-protection: 0
last-modified: Mon, 09 May 2022 19:02:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 May 2023 14:44:50 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 139ms
34ms XHR
application/json 52.31.67.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1652974337536

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.31.67.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-67-18.eu-west-1.compute.amazonaws.com

Software

Resource Hash

0e662837b334f92da2bc3e9a7e365807c4ffe3977beaa87d2b94aeec4956b09c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v031-0267e2bef.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: hzHe49QZRSk=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 311
Expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H/1.1 200
OK sr Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 433ms
107ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/sr?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:16 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 173ms
135ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

e01af111d3c1bd301693897bf7772b4073a2ed1aa90740a5d0c3710a4f632e3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29035
x-xss-protection: 0
server: sffe
etag: "1219 / 546 of 1000 / last-modified: 1652958421"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H2 200 2_media.bin Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ Frame 5A63 291 B
345 B 13ms
6ms XHR
application/octet-stream 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 723318519bbf13a89e6092f0afb088abf00cc214a50f5f6dc221d9d816b6fa0f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
last-modified: Fri, 16 Apr 2021 16:56:43 GMT
age: 88202
etag: "6ba7d221640dc9edc659794d320b1e54"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 255

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 5A63 377 KB
127 KB 165ms
51ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c92ee2460b4063f46ccd0ad0e0a68d212c6b756c4a0ef3a7fdf0afe0989781b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128852
x-xss-protection: 0
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H2 200 1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 14ms
7ms Image
image/png 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
age: 2606040
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

GET
H3 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 318 KB
43 KB 187ms
166ms XHR
application/json 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 03 May 2022 16:25:12 GMT
server: cloudflare
etag: W/"4f6fe-5de1df3ffe732"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2Fr3wgBj3JPDp9kkpp%2FqmHYBkCWIerEEHGFRKlnSwT%2BmJrUI9vx2CJcDQh3lwZWLzoTNonlgKs8Z5frJEe1SSkdSC3gzhOMVDrI0GksxBfDqxGypJXTp4LeyHAbAwyibs3WM6J6LWmXFbNetlyYeT3yy"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 70dde26a8dc4904e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 19 May 2022 15:42:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 118ms
36ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4389
date: Thu, 19 May 2022 14:19:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 19 May 2022 16:19:08 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 59ms
11ms Script
application/javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 26 May 2022 15:32:17 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 48 KB
14 KB 37ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d217d238f3f2648014fb12906dca5366954ffa6256d160726190d9e0e9c8376a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
last-modified: Wed, 18 May 2022 16:49:30 GMT
etag: "39dd6daafb219ee61305f13521c2d060+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 14051
x-served-by: cache-iad-kcgs7200034-IAD, cache-hhn11559-HHN

GET
H/1.1 200
OK dest5.html Show response
kaspersky.demdex.net/ Frame FBF6 7 KB
3 KB 122ms
29ms Document
text/html 52.210.138.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.210.138.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-210-138-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v031-0e6e7a81c.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: OfVmY/oqTaY=
content-encoding: gzip
date: Thu, 19 May 2022 15:32:17 GMT
last-modified: Wed, 27 Apr 2022 09:29:57 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
kaspersky.d3.sc.omtrdc.net/ 2 B
316 B 61ms
16ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=07144512937268953731553571648394467026&ts=1652974337725

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-df488f754-vxfnv
vary: Origin
x-c: main-1645.Id526ce.M0-571
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YoZjAQAAALEWpANn
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=05541802692311294312005650498476980360
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YoZjAQAAALEWpANn

42 B
945 B

35ms
35ms

Image
image/gif

52.31.67.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YoZjAQAAALEWpANn

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

HTTP/1.1

Server

52.31.67.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-67-18.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v031-096666b20.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: HZfk+lKKRJU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YoZjAQAAALEWpANn
Date: Thu, 19 May 2022 15:32:17 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 430 KB
112 KB 128ms
48ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9af5b83aa2ad1cb2666c5e3dfb7239193c9ce50e97735c594089d0b3646f3f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114306
x-xss-protection: 0
last-modified: Thu, 19 May 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 May 2022 15:32:17 GMT

GET
H2 200 hls.5b3b785f487abbe00eee.js Show response
cds.connatix.com/p/163173/ Frame 5A63 162 KB
47 KB 7ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
last-modified: Thu, 19 May 2022 12:48:43 GMT
age: 9734
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
937 B 74ms
29ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 797648
x-amz-request-id: tx868aa8ceaf494ff0b1336-00627a3731
x-amz-id-2: tx868aa8ceaf494ff0b1336-00627a3731
last-modified: Tue, 10 May 2022 09:57:32 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LWPmZQiBsbj9iYSplck2tW%2F6A2Bpfm5UKl5moR2Tymrz4f4BbRQs1Ot5ZIcwgXHONM661OsBiE6N9hF2BuBR3iI91hePByigtmjzhV5OZnzyD2e9a1SoYpvjG%2BbWXEHw5vlVkWPtCI2v8Dp8"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1652176652152482
cf-ray: 70dde26b790a9957-FRA

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 542 B
1 KB 332ms
249ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=8721d562-0812-4f8f-b969-bbbe05ceacd4&l_pb_bid_id=275a03dc1a5247&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF&slots=1&rand=0.10597504418613757
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e3b2189a23d4a2d2342476bb7c25a5a989340d5118a99ccddecc65786a55ed17

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 542
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 540 B
1 KB 323ms
238ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=8d9d336c-ea6d-4470-a180-be0b9b6c2f4e&l_pb_bid_id=34f22bbbe025df&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF&slots=1&rand=0.9048668462187064
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e00091305dc2ea169eb02f0d88a029a6a0c8fb03dd65055217a2125e55bb180c

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 540 B
1 KB 333ms
247ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=62cee430-ffe7-410b-bba8-40e994e68b39&l_pb_bid_id=4d11c7bd73dc1f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&slots=1&rand=0.09498153851881597
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: dd48bbc4984f3f1fe65461de12627b04af07cb0d4a05e74738cc17a8d6939f31

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 540 B
1 KB 356ms
247ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tg_i.domain=threatpost.com&tg_i.pbadslot=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v6.22.0&x_source.tid=62cee430-ffe7-410b-bba8-40e994e68b39&l_pb_bid_id=5c60bdeb06aa3e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF&slots=1&rand=0.9075993409751291
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3d0b7814cbba56477f913825cd66f1a73cb692b4fc3ded86383529ed8d3eb279

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:18 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216477/0/ 0
170 B 55ms
15ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=6.22,2.1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 19 May 2022 15:32:17 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 200 adreq Show response
ads.servenobid.com/ 850 B
680 B 298ms
231ms XHR
application/json 52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=1643
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b055f87d9167caed4508e672273490e0f87e46da0f0ed563f40c0b1ffb04e880

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
747 B 241ms
166ms XHR
application/json 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.22.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: 4b2db620bb70ef284e58c422a683839bf83d63a39851053bf5d873438b3c70dd

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 19 May 2022 15:32:17 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 100

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 298ms
269ms XHR
text/plain 35.157.236.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.236.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-236-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:18 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 41ms
12ms XHR
text/plain 35.157.236.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.236.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-236-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
113 B 40ms
11ms XHR
text/plain 35.157.236.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.236.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-236-110.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 auction Show response
tlx.3lift.com/header/ 4 KB
2 KB 150ms
128ms XHR
application/json 35.157.93.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.22.0&referrer=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&tmax=1200

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.93.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-93-81.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e41e8daa16281ffd29fd501798b3545ca0b061d07db73e4b87ad7a2bf2811a06

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
accept-ch: sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1700
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 97ms
49ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
389 B 368ms
154ms XHR
application/json 159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 42

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
331 B 123ms
95ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22379a05df56eccf4%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%226.22.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2238bb4a8c381b70d%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%7D%2C%7B%22id%22%3A%223905cc7449066f5%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%7D%2C%7B%22id%22%3A%2240e5e36ab6cb9b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22gpid%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 820da3cffc20ecb5e6415a9c8b9ad752d95f815cbd1bf91fa3b4a60b7f2db856

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:17 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.162], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Thu, 19 May 2022 15:32:17 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
557 B 96ms
53ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f01586ab1ad8c1dd226304cb96b08da97308247347865911da73bbbe90dabe2

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 70dde26b9a019055-FRA
pragma: no-cache
date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Selecting bids. No selected bids
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
server: cloudflare
expires: 0

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 136ms
94ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: 5b810f32637529eef8bf7d84d7bad34822bec2550fa43eae243eaaa6a2f54a01

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 181ms
139ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: a5c819177bac52f0a8144e0d76916ad0b9e957ffc078a8608196efe5e68f732e

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 159ms
118ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: c51561f7d4e0a1cb65c516b1b8eed711f365e550bd7ef176b4bb46648f276379

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 73 B
377 B 70ms
30ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8721d562-0812-4f8f-b969-bbbe05ceacd4%2C8721d562-0812-4f8f-b969-bbbe05ceacd4%2C8d9d336c-ea6d-4470-a180-be0b9b6c2f4e%2C62cee430-ffe7-410b-bba8-40e994e68b39%2C62cee430-ffe7-410b-bba8-40e994e68b39&nocache=1652974337812&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 0008046080d169551ea7110d182ceabcaebe8c8e3a0eda405d809580d24ba06b

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
325 B 841ms
639ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:18 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 542
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 361 B
1 KB 57ms
19ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

f31e16965d5cd6d28512cff4278fc376f04b11db51b180693b290cb915ab6def

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:17 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ca6db7bb-341d-4fb4-9cdc-ca53203b4781
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 361
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 205ms
183ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=b0aabe38-b6bc-4457-b293-99442609d7e8&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-response-time: 176
date: Thu, 19 May 2022 15:32:17 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: b4a024953ea4666b007fd89158df03200f1d3fccc395ce61ec901613c09764fe
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
337 B 217ms
194ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=b0aabe38-b6bc-4457-b293-99442609d7e8&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-response-time: 188
date: Thu, 19 May 2022 15:32:17 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: ec0600f76f990ce944296e3cf7e6f5aee263936c051dcd06efb62ffdb89a3aa5
content-length: 43

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
353 B 35ms
8ms Script
application/javascript 2600:9000:206f:da00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:da00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 14:44:02 GMT
via: 1.1 58c21e16c9e093deb494fbb4de260efa.cloudfront.net (CloudFront)
server: AmazonS3
age: 2895
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-C1
content-length: 2
x-amz-cf-id: UIQpYX4slN-ikZ6AUh8O6Q0cHsrQFNs8AmeU0NjgdynfheeUgkAbCA==

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 213 B
621 B 31ms
8ms XHR
application/json 141.95.98.66
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.66 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216537.ip-141-95-98.eu

Software

Resource Hash

a1ebbff0b8e1de7facb36bb3311077538972139ab8170815bc2a22eef5cd7a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
533 B 49ms
48ms XHR
text/javascript 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&pid=QCqjeJ0oAfiXI&cb=0&ws=1600x1200&v=7.75.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: NAFJN1SWFMYE64D5Z61K
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: n0YYeLTl76_xzdh6PdChACHVBOZOxQrKEfNyNzkRKIx1FEkeSThMXg==

POST
H/1.1 200
OK ao Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 180ms
107ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/ao?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi-tier-1-us-east-2.connatix.com/rtb/ Frame 5A63 128 B
415 B 440ms
120ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 4de8cdc3d2f5f0f4de8ff6608042b226d50eb30c26fea8bd3fb6e41aa0a3efd4

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 119

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
530 B 45ms
43ms XHR
text/javascript 65.9.66.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: BN0G2PF8K98KX0XVSGE9
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: z93Py5Ya-Wjt4fy4S-VbBMmV1dAmsTAk1p3HbvliAdmTtsHF1c4jew==

POST
H/1.1 200
OK ps Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 280ms
113ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/ps?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ 8 KB
8 KB 15ms
15ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cb3ed48fe6e29dba4b3ed575ecd9622c4cf532cd804e4ca7670732196ef2dfa0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:17 GMT
content-encoding: br
age: 99059
etag: "h+HTe/ikm+GrSkU4a1WHroWHyJm2kQLCSgVUBS1zh+o"
access-control-max-age: 86400
fastly-io-info: ifsz=93751 idim=2560x1440 ifmt=jpeg ofsz=8277 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7851

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
562 B 278ms
277ms Image
image/svg+xml 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:53 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df889-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 236
x-amz-cf-id: 5IhehyGx0eCYBg9enm3g4igBwQE1Z6VKEYTb8AtHcvRA05lRbRIpPw==

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 365ms
365ms Font
font/woff2 2600:9000:2057:6400:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=86144b34
Origin: https://threatpost.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
via: 1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
last-modified: Fri, 13 May 2022 06:19:52 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "627df888-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: 98XfU1gdyUOsWiu4hEtVN2hsQT5v9Hxt1m85xvlDilO-gZ_QC9rHAg==

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 416 B
619 B 599ms
281ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

2762c6088c02311caab26761624e06702395069bcb2cd7dd7864fb0fa1c50d90

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:18 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 127ms
47ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=315433760&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=522085472&gjid=1224297866&cid=831842569.1652974338&tid=UA-35676203-21&_gid=856756243.1652974338&_r=1&gtm=2wg5b0PM29HLF&z=1817861869

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 115ms
39ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=315433760&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=831842569.1652974338&tid=UA-35676203-21&_gid=856756243.1652974338&gtm=2wg5b0PM29HLF&z=1334971006

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 May 2022 20:22:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 69010
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid6.20.0.js Show response
cds.connatix.com/p/plugins/ Frame F190 427 KB
111 KB 7ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae64c4fccf5c2dec69bcfa480b61f7a4b38af9c9effe8de5a86bd000ea88c74b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: br
last-modified: Tue, 19 Apr 2022 11:11:32 GMT
age: 2512094
etag: "c749275a36a4a1eff60db7ff73bdc29a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 113452

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame C039 634 KB
205 KB 117ms
43ms Document
text/html 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 263043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 5A63 44 KB
17 KB 169ms
57ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 19 May 2022 15:32:18 GMT

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 35D2 634 KB
205 KB 105ms
56ms Document
text/html 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 263043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.516.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame EA78 634 KB
205 KB 73ms
38ms Document
text/html 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.516.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 263043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210041
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Mon, 16 May 2022 14:28:15 GMT
expires: Tue, 16 May 2023 14:28:15 GMT
last-modified: Tue, 10 May 2022 20:24:29 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 41ms
26ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 797393
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx771af7c6665049f49deea-00627a3804
x-amz-id-2: tx771af7c6665049f49deea-00627a3804
last-modified: Tue, 10 May 2022 09:57:31 GMT
server: cloudflare
etag: W/"2430496689c00115831347992a974246"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iMUSGSP6KbNhx3KDmAcQHb9Ms5lMPQbtebtTN0PZ5tIrRtCTL%2BExyxzpYD5HFtjaB4SGKgZil6R8YxgS6dT5%2BHsU%2BP0o27R1POJ1GbBQYrpZTtgPEasLPX5mcXbXapFcnU0TR18KxeTJP3Vi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1652176651393042
cf-ray: 70dde26d48249b40-FRA
access-control-allow-headers: Authorization

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 828D 37 KB
13 KB 131ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 19 May 2022 16:24:01 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D098 37 KB
13 KB 135ms
47ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 19 May 2022 16:24:01 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 071C 37 KB
13 KB 160ms
78ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 19 May 2022 16:24:01 GMT

GET
H2 200 pixel;r=1737524012;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;uht=2;fpan=1;fpa=P0-811363546-1652974338152;pbc=...
pixel.quantserve.com/ 35 B
371 B 21ms
11ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1737524012;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;uht=2;fpan=1;fpa=P0-811363546-1652974338152;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1652974338152;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F06%2F03094019%2Fphish%2Ctype.article%2Ctitle.Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%252C000%25%2Cdescription.Sneaky%20attackers%20are%20flipping%20backslashes%20in%20phishing%20email%20URLs%20to%20evade%20protec%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ Frame 5A63 309 B
294 B 6ms
6ms XHR
application/x-mpegurl 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/playlist.m3u8
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
last-modified: Fri, 16 Apr 2021 16:56:42 GMT
age: 99053
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 164

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 57ms
20ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=831842569.1652974338&jid=522085472&gjid=1224297866&_gid=856756243.1652974338&_u=YEBAAEAAAAAAAC~&z=1422341382

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 19 May 2022 15:32:18 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ Frame 5A63 550 B
303 B 7ms
6ms XHR
application/x-mpegurl 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/0.m3u8
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0a2e01748ee79c6531172bb557d674888024e954cf08d8438310e08d24972ef1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
last-modified: Fri, 16 Apr 2021 16:56:42 GMT
age: 99053
etag: "8be2767c13763516a0fc5eb84403377b"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 240

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ Frame 5A63 1 KB
1 KB 8ms
8ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6d1dcc2ec20f1fcc4da721da7c0d3fdd5e26107bbe5712cef0482909d3573c8f

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Range: bytes=0-1361

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
last-modified: Fri, 16 Apr 2021 16:56:42 GMT
age: 99033
etag: "2765fce7c127379623565a54077194cb"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/4164439
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 148ms
64ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=831842569.1652974338&jid=522085472&_u=YEBAAEAAAAAAAC~&z=1477372552

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 151ms
64ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=831842569.1652974338&jid=522085472&_u=YEBAAEAAAAAAAC~&z=1477372552

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame F190 36 B
330 B 34ms
34ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%221859c717eb3ef2%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2222dc5b2a87bbc8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A3%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%225edeaf1b-ba1b-4b09-8018-3988ffe3c012%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7a407878faf9c03e40c9ff874c82cf89267b5ebb9a266b00ca42c9b7cc9b008e

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.162], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Thu, 19 May 2022 15:32:18 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F190 137 B
831 B 18ms
18ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e31a152db5afe5794cdff25d67ae72d640c9cd07333604dd449c64e0dd3abde7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:18 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: de89cbe6-4ce9-4dd1-9f3b-f60985549c7b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 137
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame F190 0
59 B 20ms
20ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame F190 0
442 B 186ms
186ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 89
vary: origin, Accept-Encoding

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame F190 0
59 B 20ms
19ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 19 May 2022 15:32:17 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233098/0/ Frame F190 0
170 B 23ms
23ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.20,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233148/0/ Frame F190 0
170 B 18ms
18ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.20,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame F190 106 B
127 B 217ms
200ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b02cb2ee-1457-4838-ad34-62165a0a2f3c&nocache=1652974338316&gdpr=0&pubcid=5edeaf1b-ba1b-4b09-8018-3988ffe3c012&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%2C%22minduration%22%3A0%2C%22skippable%22%3Atrue%2C%22placement%22%3A3%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
via: 1.1 google
server: OXGW/18.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216475/0/ Frame F190 0
170 B 19ms
18ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.20,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ Frame F190 66 B
122 B 75ms
75ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash: 138fecc510e20ba15dad7fdbb18831cf9dd3b0c791d7ba31e11a412711f61ee1

Request headers

Referer: https://threatpost.com/
x-openrtb-version: 2.5
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
server: ATS/9.1.0.46
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 66

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 36ms
9ms Preflight 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.46 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://threatpost.com
access-control-max-age: 600
age: 0
content-length: 0
date: Thu, 19 May 2022 15:32:18 GMT
server: ATS/9.1.0.46

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame F190 37 B
331 B 40ms
39ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%222136bad1bd766e8%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2222aac2d97d279ee%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22fl%22%3A%22p%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A3%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22814ab2a5-6d59-4dd5-930b-62ebf1f2ece7%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%225edeaf1b-ba1b-4b09-8018-3988ffe3c012%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e486d9d1ff08d6f0279dd749acbbcb702c068f32644eb7564446c51c79e9f992

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[185.213.155.162], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Thu, 19 May 2022 15:32:18 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216476/0/ Frame F190 0
170 B 16ms
15ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.20,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame F190 106 B
127 B 296ms
287ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b8c9864c-4c2a-41d9-a736-230a35c0dcc3&nocache=1652974338324&gdpr=0&pubcid=5edeaf1b-ba1b-4b09-8018-3988ffe3c012&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C814ab2a5-6d59-4dd5-930b-62ebf1f2ece7%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%2C%22minduration%22%3A0%2C%22skippable%22%3Atrue%2C%22placement%22%3A3%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
via: 1.1 google
server: OXGW/18.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F190 139 B
833 B 53ms
53ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

756994e8daab53b509f15a2571c7098c51bebe044a8d420d184c035a9fd30ba6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:18 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2ab3306a-832d-403d-9c56-581298955a9d
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ Frame 5A63 642 KB
642 KB 11ms
11ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f3a6eebc7ff1d31a74d14dab4f193fc686e3a98aa7ff28c02f3c354ef1edddc9

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Range: bytes=1362-658295

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
last-modified: Fri, 16 Apr 2021 16:56:42 GMT
age: 99033
etag: "2765fce7c127379623565a54077194cb"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-658295/4164439
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 656934

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 48ms
48ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=315433760&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&dp=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&ul=en-us&de=UTF-8&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=875315972&gjid=1467414750&cid=831842569.1652974338&uid=07144512937268953731553571648394467026&tid=UA-63997723-2&_gid=856756243.1652974338&_r=1&gtm=2wg5b0WZ7LJ3&cd14=no_locale&cd15=07144512937268953731553571648394467026&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F101.0.4951.64%20Safari%2F537.36&cd16=831842569.1652974338&z=391891964

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4390
date: Thu, 19 May 2022 14:19:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 19 May 2022 16:19:08 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 40ms
7ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:18 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=27597
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 47ms
47ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9582686

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

31cb9ddfefceef53f1de29fc79ec378b5b816eb60495eeb5476e02f379306116

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38621
x-xss-protection: 0
last-modified: Thu, 19 May 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 19 May 2022 15:32:18 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 56ms
19ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=831842569.1652974338&jid=875315972&uid=07144512937268953731553571648394467026&gjid=1467414750&_gid=856756243.1652974338&_u=aEDAAEABAAAAAC~&z=2064708912

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 19 May 2022 15:32:18 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 171ms
51ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 129ms
46ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 98 KB
20 KB 512ms
437ms XHR
text/plain 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2004210865176084&correlator=1149453361328285&eid=31067579%2C31067627%2C31060888&output=ldjh&gdfp_req=1&vrg=2022051601&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681&sfv=1-0-38&ecs=20220519&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D64844fa13bb8258%26hb_bidder_triplelift%3Dtriplelift%26dyn_bids%3D0.13%26hb_adid%3D64844fa13bb8258%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D657a2339313159%26hb_bidder_triplelift%3Dtriplelift%26dyn_bids%3D0.13%26hb_adid%3D657a2339313159%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fmalformed-url-prefix-phishing-attacks-spike-6000%252F164132%252F%26urlquery%3Dgoogfc%26contentid%3D164132%26category%3Dmost-recent-threatlists%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1652974338683&lmt=1652974338&dlt=1652974335994&idt=1783&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0&adys=8%2C166%2C899%2C8&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0&msz=728x0%7C300x0%7C300x0%7C1600x0&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&ga_vid=831842569.1652974338&ga_sid=1652974339&ga_hid=315433760&ga_fc=true&btvi=0%7C0%7C0%7C0&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

eaa9eff7e17fe08d2ea3348b440d635c2e7691570614a9d2b49cbe965e17bd28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20526
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 134ms
55ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022051601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41c723ee718d6ebd761c45ec1764ba9f5d9408483af721b2218f79bca904d769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10556
x-xss-protection: 0

GET
H2 200 container.html Show response
94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BC84 6 KB
4 KB 172ms
44ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051601.js?cb=31067627

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:18 GMT
expires: Fri, 19 May 2023 15:32:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
68 KB 48ms
48ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b50a9534df0f5e370e75b66b431cf97bd2513a6470ef7dbe4dfad00470b19017

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69641
x-xss-protection: 0
expires: Thu, 19 May 2022 15:32:18 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1652974338722%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fmalfo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQJ4W...

0
483 B

262ms
207ms

Image
application/javascript

13.107.43.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQJ4WF43cx-lWgAAAYDc8sS2Rlj5OHdYqhGGyRxQNgc1gOIQDKS_ed3SuUFOQaUcs5EBHvJE
Protocol: H2
Server: 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DE7D6CFB8FCD4DAEB1B3BED3943A2518 Ref B: VIEEDGE1213 Ref C: 2022-05-19T15:32:19Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAXfXxRU+qBTGloK9ktQNg==
x-li-fabric: prod-lor1

Redirect headers

date: Thu, 19 May 2022 15:32:18 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 17C61B94CDC045B6ACE1C2F03EFC8D1A Ref B: FRAEDGE1215 Ref C: 2022-05-19T15:32:19Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1652974338722&url=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&liSync=true&e_ipv6=AQJ4WF43cx-lWgAAAYDc8sS2Rlj5OHdYqhGGyRxQNgc1gOIQDKS_ed3SuUFOQaUcs5EBHvJE
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAXfXxRQLeJhbqPACvrW8A==

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/ Frame 5A63 584 KB
584 KB 9ms
9ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/73011a9c-95f2-46c8-9a01-034555124893/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/163173/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5de89a6a87a2ad053db5b4f25a75dc7286b87ac559959e08f38dbc964fb0cd92

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Range: bytes=658296-1256353

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
last-modified: Fri, 16 Apr 2021 16:56:42 GMT
age: 99034
etag: "2765fce7c127379623565a54077194cb"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 658296-1256353/4164439
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 598058

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 63ms
63ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=831842569.1652974338&jid=875315972&_u=aEDAAEABAAAAAC~&z=466968431

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 143ms
62ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=831842569.1652974338&jid=875315972&_u=aEDAAEABAAAAAC~&z=466968431

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK mq Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 108ms
107ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/mq?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:18 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3

200

activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-p... Show response
9582686.fls.doubleclick.net/ Frame 06B7
Redirect Chain

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url...
https://9582686.fls.doubleclick.net/activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=...

684 B
486 B

141ms
62ms

Document
text/html

172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9582686.fls.doubleclick.net/activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f6.1e100.net

Software

cafe /

Resource Hash

90722426ba7a5ecf33f2834d120ba26f6a5fd310e562f4a6d4bfb800173305fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 461
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:19 GMT
expires: Thu, 19 May 2022 15:32:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9582686.fls.doubleclick.net/activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 386ms
48ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 15:32:19 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 45ms
45ms Ping
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe5b0&_p=315433760&_z=ccd.tbB&cid=831842569.1652974338&ul=en-us&sr=1600x1200&_s=1&sid=1652974338&sct=1&seg=0&dl=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&dt=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20malformed-url-prefix-phishing-attacks-spike-6000%2F164132&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=07144512937268953731553571648394467026
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s34310440165095
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 43 B
245 B 17ms
17ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s34310440165095?AQB=1&ndh=1&pf=1&t=19%2F4%2F2022%2015%3A32%3A18%204%200&mid=07144512937268953731553571648394467026&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20malformed-url-prefix-phishing-attacks-spike-6000%2F164132&g=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20malformed-url-prefix-phishing-attacks-spike-6000%2F164132&v9=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220414%3A289%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Malformed%20URL%20Prefix%20Phishing%20Attacks%20Spike%206%2C000%25%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=07144512937268953731553571648394467026&v116=831842569.1652974338&v125=0.3646358988004579_1652974337538&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:19 GMT
x-content-type-options: nosniff
x-c: main-1645.Id526ce.M0-571
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 20 May 2022 15:32:19 GMT
server: jag
xserver: anedge-df488f754-g65hw
etag: 3549735364134535168-4619620617861092739
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 18 May 2022 15:32:19 GMT

GET
H2 200 bl-b318b8b-eb6591db.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame CE1C 47 KB
20 KB 8ms
8ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-b318b8b-eb6591db.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 774f2434b1fe7dd4390dc990faeac81493165957972002b126e0a4d14720a194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:38:07 GMT
content-encoding: gzip
age: 75253
x-cache: Hit from cloudfront
content-length: 19745
x-amz-meta-git_commit: b318b8b
last-modified: Wed, 18 May 2022 18:20:00 GMT
server: AmazonS3
etag: "9e4155727e5fcd7430fa89390a19b267"
x-amz-version-id: .qaRnGUeAvfTLcnXgCiu2MkvhXKhlmu8
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 9AT6Vg92WeFgYEViqjvRMrLj_UoS-hTtT-EwP23OZCQ2BhTM7acmHA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame CE1C 73 KB
28 KB 10ms
10ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 19852409
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Di3TzWOEh46BWCGS74oLSCbEoHRXutYZedfqBpy6WG0PhyntuJP0JQ==

GET
H3 200 container.html Show response
94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4E18 6 KB
3 KB 119ms
40ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:18 GMT
expires: Fri, 19 May 2023 15:32:18 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bl-b318b8b-eb6591db.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 0D53 47 KB
20 KB 8ms
8ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-b318b8b-eb6591db.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 774f2434b1fe7dd4390dc990faeac81493165957972002b126e0a4d14720a194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:38:07 GMT
content-encoding: gzip
age: 75253
x-cache: Hit from cloudfront
content-length: 19745
x-amz-meta-git_commit: b318b8b
last-modified: Wed, 18 May 2022 18:20:00 GMT
server: AmazonS3
etag: "9e4155727e5fcd7430fa89390a19b267"
x-amz-version-id: .qaRnGUeAvfTLcnXgCiu2MkvhXKhlmu8
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: bxF2bqNveqqK66g4M8UIwJomzsmFpSs_TQ4KIn8rcFw7r7jhOAVFxg==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 0D53 73 KB
28 KB 9ms
9ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 19852409
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 61WRdv0ieAqLSkdCQgEP_TKjeQsjG-QWCDSvQ0BbT32MdBn7E2Ykag==

GET
H3 200 dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=*;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6...
adservice.google.com/ddm/fls/z/ Frame 06B7 42 B
63 B 150ms
76ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=*;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F

Requested by

Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CI3dvaLx6_cCFdZDHQkdasQNEw;src=9582686;type=globalc;cat=globa0;ord=3682334307575;gtm=2od5b0;auiddc=1053594478.1652974339;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F;u6=;u7=07144512937268953731553571648394467026-831842569.1652974338;u9=_malformed-url-prefix-phishing-attacks-spike-6000_164132_;~oref=https%3A%2F%2Fthreatpost.com%2Fmalformed-url-prefix-phishing-attacks-spike-6000%2F164132%2F?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9582686.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 701D 13 KB
5 KB 121ms
39ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5786
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 13:55:53 GMT
expires: Fri, 19 May 2023 13:55:53 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AA41 783 B
534 B 50ms
50ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

30b37635a5c22e5edf4ed8e71b422183a8d682d975bba08a197b5f48227f8487

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8hZpYy5XI-UdhPhJh8cA9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-8hZpYy5XI-UdhPhJh8cA9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:19 GMT
expires: Thu, 19 May 2022 15:32:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012204292129000/ Frame CE1C 220 KB
61 KB 153ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61295
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c00c4adb72e5cb7f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame CE1C 14 KB
5 KB 218ms
105ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5188
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "176361d496ccc411"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame CE1C 94 KB
28 KB 226ms
112ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-analytics-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4b15b3c971f95798"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame CE1C 5 KB
2 KB 240ms
127ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-fit-text-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 273180
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1906
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 11:39:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a2652581fdabc981"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 11:39:19 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame CE1C 40 KB
13 KB 241ms
128ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-form-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12953
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8a2450dae6a66803"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H3 200 17275517015290395079
tpc.googlesyndication.com/simgad/ Frame CE1C 20 KB
21 KB 46ms
43ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17275517015290395079?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qn10d4Bny8v_E8HLdn4ajb44FrIBg

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb584045b2dcfac0d456cc2f2fafb51e7538a1cadf025b20c350dc73617b4cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 23:18:24 GMT
x-content-type-options: nosniff
age: 231235
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20970
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 19:08:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 May 2023 23:18:24 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CE1C 2 KB
2 KB 44ms
42ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 73951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 19 May 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CE1C 295 B
319 B 43ms
41ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 35325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 20 May 2022 05:43:34 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CE1C 0
0 47ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRJSyZ5a4LFAi2Fv9pxUVKoJJcjlT9cgj1vYHEoofmn1of33CkL06QV5PSH5Tgq79Z0TALodxNn4cAHF6ryWeKAkgM_nA
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CE1C 0
0 82ms
81ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNJ7bAmOGYqyEMuThx_APvv-ZSOHB_rdo1YvR6J4PuLD5uNUIEAEg-ZvxhAFgleKQgqAHoAGzqLL7AcgBAuACAKgDAcgDCKoEqwJP0Pn5B52v-09a7wQrdpYJhQRWffs3_30B5n-_GbZpYkzVu5JvxmHNqAvZ2X5hr26bVDj___XpZcDnfFJEJbjhbo83T4qzjDqi-NTME5PYPPXBEZRJ1hOJvYtRuXkpEMO50wQ-EyS-jEF5LgzI5s_T_QFjU7pAFawO7pqqGH7dgXJLafd3sQ1YFcMYNQk-CsmxmTKLKsOijd_EY6ZPtFNQAafftnPINjvHpcyVjLgM6kIkJaENGiPWzt9VrL9Bk0jMN3jRDgQm6H4dXsLq8gArdAiepZo3gBTd0Jw5LbJ3ERHUSmS9YR38eMzz_aUpCEgkS_zpgVfz-2OMNXwZR-5shqz-w8KoVPUvSuVPEqnzXQMpPLVsaakMAHNlBHwUk9m6qEzWlqDU11US6sAErv6w8_ED4AQBkgUECAQYAZIFBAgFGASgBgKAB7XXzYQCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ3e1d0ggHCIhhEAEYHYAKA8gLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi00MTEzNjgxODgyMzExNDU1GITbew&sigh=d-ir44ujXuU&uach_m=[UACH]
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame CE1C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75362920484d3a761605cafe6487770e20074acbae9bbd4c64d4a65b51cbd583

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012204292129000/ Frame 0D53 220 KB
60 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61295
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c00c4adb72e5cb7f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 0D53 14 KB
5 KB 138ms
137ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5188
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "176361d496ccc411"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 0D53 94 KB
28 KB 139ms
138ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-analytics-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4b15b3c971f95798"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 0D53 5 KB
2 KB 146ms
145ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-fit-text-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 273180
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1906
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 11:39:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a2652581fdabc981"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 11:39:19 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 0D53 40 KB
13 KB 146ms
145ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-form-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 280031
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12953
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 09:45:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8a2450dae6a66803"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 09:45:08 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0D53 2 KB
2 KB 39ms
38ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 73951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 19 May 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0D53 295 B
319 B 39ms
39ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 35325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 20 May 2022 05:43:34 GMT

GET
H3 200 12292965368575836593
tpc.googlesyndication.com/simgad/ Frame 0D53 66 KB
66 KB 41ms
40ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12292965368575836593?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qms813sT0Epg_A-hxkWXTAjJyRC7Q

Requested by

Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c43dcf156cbf8999aad6ccc1e0d5b9b39a7675ccd02679daa1aca4503205773a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 15 May 2022 08:20:03 GMT
x-content-type-options: nosniff
age: 371536
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67564
x-xss-protection: 0
last-modified: Tue, 09 Mar 2021 23:57:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 15 May 2023 08:20:03 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0D53 0
0 47ms
47ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQpdHrp8RElWgpdun90cSsCyPQ1okb_DrukaZqkcD9HDWTR-VSysBG1_0iH_pa-2HawCtJsKKUkAS6pehDcSuZUM_ADcQ
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0D53 0
0 79ms
78ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=COCNnAmOGYq6EMuThx_APvv-ZSKjOg9RoiKbFyIoPuLD5uNUIEAEg-ZvxhAFgleKQgqAHoAGzqLL7AcgBAuACAKgDAcgDCKoErgJP0PunQQ7yT4_OlvwAVwoWT2wJY7cckDG8aqg8pACHt_tanfwxr_4L5B4pKFgocfWnpy1XXpS-befkCMg0yN8F0rjdpsys6G62i-SN8PtewvM9EdNuAF7eiLXJ1XWY0tsDre3h9CSaMiAZpwI4dk0xhyajvVgQdDS7CnAq4lQUavFAfDrkL8ZgtEU0ckoV5XKuIDQRbrjZTPNdJFnT93vv71c7sMiG_mfk4yivTBcxwgMpPd_gvVDjFA01-QWYKpcS9935RBvEa7g_JtUgqMKDEupTcEPNZKp4qrOzR89BazCqoB8-fIZGd1wgN02gK_FqBo2RLStx9fRqkmqUWVAADL3AxSrF3Nosw4gk9fvM1St0tO-HVHAHetLOHMom4pmYZhLe714qdFjCjMYW4cAE6vXt8ewD4AQBkgUECAQYAZIFBAgFGASgBgKAB7XXzYQCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQvusm0ggHCIhhEAEYHYAKA8gLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi00MTEzNjgxODgyMzExNDU1GITbew&sigh=LXl2p9MKO4E&uach_m=[UACH]
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 0D53 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bbfaded57d0e8461b1093cdf7d054ea70737cc246729db66f153d7f73c9522f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bl-b318b8b-eb6591db.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4E18 47 KB
20 KB 8ms
7ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-b318b8b-eb6591db.js
Requested by: Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 774f2434b1fe7dd4390dc990faeac81493165957972002b126e0a4d14720a194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:38:07 GMT
content-encoding: gzip
age: 75253
x-cache: Hit from cloudfront
content-length: 19745
x-amz-meta-git_commit: b318b8b
last-modified: Wed, 18 May 2022 18:20:00 GMT
server: AmazonS3
etag: "9e4155727e5fcd7430fa89390a19b267"
x-amz-version-id: .qaRnGUeAvfTLcnXgCiu2MkvhXKhlmu8
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: VP5iKF8PpJdIPLcfFk_MzbbRkKnQee5L4rUg3Fzg2IsDy1HkCsEbYw==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4E18 73 KB
28 KB 9ms
8ms Script
application/javascript 65.9.63.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-123.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 20:58:51 GMT
content-encoding: gzip
age: 19852409
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: x_t84MLZb_95SxoXhEDz_C6eQK_8f3U4DIEU20Y4OH9wmj9v5lHe_A==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E18 42 B
63 B 69ms
68ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-An55JY335gxceCMc4DniU6z5lC1iUREwkSdAzqN21W9NXJ2_1sNyKqHq0ixDdiKJvh1B92KuG1W4ES0rc2IeLndZ6ZZ-5655DGFIycyhjUe08c7VE

Requested by

Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 4E18 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/window_focus_fy2019.js

Requested by

Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 345
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 15:26:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/ Frame 4E18 16 KB
7 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220516/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:23:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
server: cafe
etag: 17289513661582941094
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 15:23:24 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4E18 135 KB
41 KB 379ms
299ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 19 May 2022 15:32:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AA41 0
0 207ms
133ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022051601&jk=2004210865176084&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js Show response
pagead2.googlesyndication.com/bg/ Frame 701D 35 KB
13 KB 109ms
36ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61dddc1203ed2ce7ca732ec6c56907ce208cf6397ee915561a4f984c9b05e4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:30:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13574
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 May 2023 15:30:58 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F8BB 499 B
694 B 145ms
50ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMr9xPwCEOXgtpkDGKq16MkBMAE&v=APEucNXghWpoa1uFjNhuxnpgemaYdoLcJnFVljLgZ95zN1rrN1kIh2_1tfEUgxpq0kl9yhOL3EtangXmE3406RGO3ONS_JHUMCcoZ3AZSIDIdOOP-XCTHi8

Requested by

Host: 94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
URL: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 237
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4E18 56 KB
27 KB 197ms
133ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DlkHiOifx1IOcCCQsBxL9-qQNVVsuUxNsb9wKHm_9NZ0qBMihyujPa5M51V0_4Aww3zY8j2hgBmPBkCyvYcXukS4jLzg&cry=1&dbm_d=AKAmf-Bb3CWgQdZvOEaUhGR-2U7JHjGbwaqmyu9ty9wbXDOBXNMvxw9qQUSlnUNEOp0ma53TvCOTN5VXUmqm-0T3ALn0gimBD1Af04amZWJiaPBItJUrVEopJF4qWK5V5BchmotFXrCGOrOMkrnJmQ_uJ_HDRZXXIxtSu8Ax6OUP6sOo0rKuGJ-0e9W0QrU_9F7Pj4WZtc93N0NeDKJ2-0VQ974o8-dqy3DL_Ware-_QfB1X8fJup8fuGyK_syOQB_EjVbVXwyIKp6TgF9THlAbiSkyBvxuyrYw11ev9AoITjiA51ybnR300eRRKfXtmfFDgUPxiqgjcdlUnS3BKHmv-h5-3EXSfyO-qiOygvHzhpLX0Wm0JFvRkXyXaDFSVle6Bu1EU9BuKHtqK4G3nrHtffwoQZkmOnC45TfuunnAtLL45CrAVwPk9gNz8IPzxsc4hL1XMf43abZdS3EFgq75qKjd-tTu3Z4xtMxsuBMfmmACe_mwU8IdpEf8dgB1IcsOL4VHkdXXgFVfqGtYBRKCXDBz9mDXojmVEYq_HQR4ujXqVXS258AEiJm_U035IqZZLPYiWCrjbwpu3P9pnJ1jOdjmjkwM6ZYHxBDxSbCDi87K9Hv1I1RshYPP69LtZQ4FrI5Z5dIJYhc7RMGiqyL66IjBQI4mME2VgHaaLhDFO7qn0v3fjRMLjEMi_vdkh_NqNVavUDZz6ijMYluRQjVXB0glahiEEFbBFtBfKCgPDtmTGaJGl3wn5aYrccIqcSktsZlQQ8Ogn3fKlomnQv5UOb5Y_0C9LH4d4sbuGqYv0YUaOyerspA6a9lML-y0Suu0HALaC4VogUIh9FZOjqykMJn-QMCYP6UrwS7CoewNVQdTxXHgNnxtVL3_hUTK_kmdz_kS5T_RowCn_bVvooQgPAruTYcCCnXmAKiKvZ9faMOXvvx78TVGi9179oP2AAZF1U18_yTfKhnFjtDTIgPhISqK6O2sZgDAs6jxqQAD6RxdjhZhZk9DpStGnUSL11g9GP7lK9VhMce4IEhnmYNtu1Iv00KD9ZpOQvGmS65EMrMqGC3okAnjqfSMdyHYNT6ATSTHZvdCbgZzQkKful48JBoNyWZt8JuNWCQPkhXABBpHLRNWI-3zxCByxjaJLtedcN1qgsxMFz8DEKMNn3OcYUy5UjRaCgIRjErotJeMMUVYfX-lADBPvgjsvnGiBrVDoQ3Hdf6mz2TejvbVA-g_AlqcxFQ3_qUGRVawo6uFVV7wP13qR-TDKq7i7ZJ4XwPRctAHBAAyAiQBZIGSkAv0qDvRXzZMdKkXhNF9SP8gsPfcZbt0IzndwZxDvL8DMBv4VaCM6Rr0TOEk0ATJifbNfEdeckJ2EAo6eVt4EWEspQGSoftw_H6fJTO73AgsumAzn9Ss6Y8vwJkMJeT-7A0gjJae1ameXLQ3WxEgdHLGezvWeCBwFLKYl3YhvIgr1v8m9CwIFnNuvwPNRoowea4uIhPOyNz2IyDCDrIqG1sny_X0zu4f05Kg9gJqtv2OVe9H9VerPxwm9djjysljlx_p4ub7NRhrjmSDTNvAxeapxD3WOvuEXel0YIXApl-a46P92wmL9QBgzQSMrt4b5CuCXygTaaMjzmFdyn3T7FKUaCIct6dWZ3JWMYxKSCk_HQNs-pHeM6Bb4b66U5gFJEcoB3IYX-SAjhw_nJ9y5VD6ZMT5ZalVDALGW7YnfTsrY4zSE9H2cFpRy9eXG1egq5ilthf6PuBCnan0Y3ll8-14pkLMoV_BltAFYCFcEqNmo20RSD7SpmiFIjMtcX35PyN3pgJzmKmyV2H5xLQM9caWT-_lv3uXCTOvayLyEu7bWCyEvqphMDoKxLMjpFg3bMlRN0yzJ6HPUpr3BCR70B_I4mlb0ZUwLt6lt3Wwc4w_KHSm4NGMk0lY555Q57evIfqSVUrzYQzDbCPnYXIZJuzxMJ71y9p1ixCOI3oj4wzPrjlDCqgNBUtrnbkkgtYXf_aFvXvZIekYprcKJae_i1Mtc4gRk_lPUjLw3VZ05G7uuotaIJPAca_jaRgmTu3ZqYMCyw2irvJ6tu7P-XKEBBX1rUoWNwDLSenlt-8R_FffBECvW1RjcFM41O8gS6nhHXNPPZDEm7bcD4vVXV1BPLQTNecU14p8jSSxOT5uhhPMZdo39pZgbQHQlrDONqMow22afRKLfyl-G5JfU6PBhfvhmRL0dBg8UpYj_xIc9cEFSfovJwlxgOaDLe7pz2npPGKAQo4IoQMIA2aTMcNT71UWIE7cYZpOZwUWrg8xSprAOWOKIOhNjAFHiI4QRV7xo-80Gomewy3IBNsogi7pH_PnBvkH7pUZt1F5Dw36eVwocWChFEjWUkBmot8xweYiLHLQnT9aL0ZpzBtkHKqoF84dioUMpCB0Y6jJUrW7qyDtq_Z6ENzb5IdOTtEgHhUkHp1db9LtgR3JMXcFiFSrsRmc_AuzocahZi4zMJELE1zvnP93Dcr6Gk1vGvbi-xEHWU2bg0RC4pwV3-ESbsFaCBjg4P_mBFNd-zRX2IJnMN9QS--db78n3DY6ku1A85JzDf5-JOHJkybbuyNPX-CPNhEdtqG8WjnE07zU9cwEMYK7LVgVp6qLupaDo3De5N_x8TnPHJsQBXU2UVSy-r5xI2g9IlnXkbRMePdfD8V725qVX4aX6ueJF8sBoyJis9UZCULgw1pHAS0RygLEqXua5ynQrrC78IMlK_JhOlIQLdzYmpo5ZgTeUPx-RmmylX2SiLAKM75mnU24B6w8pk7xvGePkhcrPRVpe8UjXHN2Mwq0C6SpZh-AmbDcDzxVOB6aCz13QovU5AKzFwefRe3K84a9MzsEd0WMdxzYRHYOLefu7nCLaSxudelt87jahRGU52iLhYFB3HO_87tKPM4z74kptPnDFAEiFGbklIYuVK4sPuqMNTK5owy9pIrrP_wXj7lL8xqdrA1TD98Pm9GjnBxkIE9qIv4UazxXYusvFowOlB_wa_xVGX97NBEySJvaSAjZsHSyKZo8rXUM2ZzCQOygEL46U7eK7CZKhwkme56WGyMPpkK4jYDKuzbKL77-7DharZhbvrNK5GVZAeF6so34-N7OKgxTJp-ZG1pv0WSgm2vpbHC_g4_KiDEOJEQnPAFbu4i2-p9tZUg&cid=CAASJ-Ro-Hfxzjcye8kAEA02X84S0X2QRZ9zdEwFg_52lF2PVHRK3BPkRg&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc14e6a1c4bc1ec5812fdd9e39afd24de372ef4bfa195e754999309553a5ad3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27284
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame CE1C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

213ms
133ms

Image
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: threatpost.com
URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/
Protocol: H3
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

date: Thu, 19 May 2022 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

POST
H/1.1 200
OK sv Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 107ms
107ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/sv?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:19 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0D53
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

146ms
132ms

Image
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

date: Thu, 19 May 2022 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 12292965368575836593
tpc.googlesyndication.com/simgad/ Frame 0D53 66 KB
66 KB 39ms
39ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12292965368575836593?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qms813sT0Epg_A-hxkWXTAjJyRC7Q

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c43dcf156cbf8999aad6ccc1e0d5b9b39a7675ccd02679daa1aca4503205773a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 15 May 2022 08:20:03 GMT
x-content-type-options: nosniff
age: 371537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67564
x-xss-protection: 0
last-modified: Tue, 09 Mar 2021 23:57:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 15 May 2023 08:20:03 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0D53 2 KB
2 KB 45ms
45ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 18:59:48 GMT
x-content-type-options: nosniff
server: cafe
age: 73952
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 19 May 2022 18:59:48 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0D53 295 B
319 B 45ms
45ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 35326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 20 May 2022 05:43:34 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame F8BB 170 B
243 B 81ms
31ms Image
image/png 142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMr9xPwCEOXgtpkDGKq16MkBMAE&v=APEucNXghWpoa1uFjNhuxnpgemaYdoLcJnFVljLgZ95zN1rrN1kIh2_1tfEUgxpq0kl9yhOL3EtangXmE3406RGO3ONS_JHUMCcoZ3AZSIDIdOOP-XCTHi8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F8BB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0

43 B
894 B

14ms
13ms

Image
image/gif

69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMr9xPwCEOXgtpkDGKq16MkBMAE&v=APEucNXghWpoa1uFjNhuxnpgemaYdoLcJnFVljLgZ95zN1rrN1kIh2_1tfEUgxpq0kl9yhOL3EtangXmE3406RGO3ONS_JHUMCcoZ3AZSIDIdOOP-XCTHi8
Protocol: HTTP/1.1
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 15:32:20 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F8BB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YoZjBB5Gz2Mr607LjzNzCQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0

43 B
894 B

12ms
12ms

Image
image/gif

69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMr9xPwCEOXgtpkDGKq16MkBMAE&v=APEucNXghWpoa1uFjNhuxnpgemaYdoLcJnFVljLgZ95zN1rrN1kIh2_1tfEUgxpq0kl9yhOL3EtangXmE3406RGO3ONS_JHUMCcoZ3AZSIDIdOOP-XCTHi8
Protocol: HTTP/1.1
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 19 May 2022 15:32:20 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEiaC_JQ2frrLxWEJ-s2-H0&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/ Frame 4E18 27 KB
10 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:31:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10462
x-xss-protection: 0
server: cafe
etag: 108952690031844284
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 15:31:54 GMT

GET
H3 200 95421915590139360
s0.2mdn.net/simgad/ Frame 4E18 78 KB
78 KB 122ms
42ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/95421915590139360

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

222993cdf8e48181408c34eba8f3a4402d1b8cc978c018e21838606275d59df0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 15 May 2022 23:45:40 GMT
x-content-type-options: nosniff
age: 316000
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79385
x-xss-protection: 0
last-modified: Thu, 05 May 2022 11:43:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 23:45:40 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/ Frame 4E18 8 KB
3 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220516/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:28:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Jun 2022 15:28:49 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4E18 41 KB
15 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 11:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99828
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 May 2023 11:48:32 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4E18 0
622 B 159ms
76ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsur2vxbRDajFuDwz0GzzFiJDuD7R-zfz8dnbu1JvqkywrsoTDACk8HHnlIOVrzN0D5yEGhKBHBmlXSvTdtx62xG2dPz3PxQrUun1S43x9rw2nMpgELki_5oOzElauYnY3PSiMHzM7A7zdYQUqufxDlPnfzcFoGFv41ouUFOGlcSmJnk9hir_Ny11KHGPhQrcRKp7OBGz62xUKGLDbhd-zcB7AWY-uTSOHpPZID38vYLM4HPgiTuH9Hm2qoRYdmdBLwsSLr9XjNUObsKjEGv1bLff-jzSNQI2WSUotpb9S1lkIjeojMKghJw4OV3CxRJpMr2hAMg8-STqYJMcgjUaCeqv4tgyel27Y2ndhOmPG_-srokIpAXXu3aaekqD09EMd2dcfrG_j5fmCwSyO9ObIh_pH8gQ6djdkXbg1dIMMVvXaODjIuO58uTnKTBTfXWodlnV-T0dFQ86EUa8uZ868EIEpsv2ef9HYvcEyK6A8cMjBgzz4BY5FOWCEBDhSv9DlQLFdSHft7vdk3Oy8vPBoLPWssO5PWrSb-vqJfNEDrrASHTqiPNL-Zy8t8s5vRi8WviRs6rcyfZYNO58z3KhOL1jS-AGEEG0Jo9op4LfDe8XOnham2F4sdym6BEEs6QPaLYAaXMWeMZfYeoDsONSMQrG4rhGdk55pg5IKheinLnYpzgJknZnKzl4b10sVqjKY6s5BRYIYYOTJ05WxQfidLo8Vsz1m-nIF7O7dwsPhXsWqV-LHoIjzgMJWLxzI88hrYHmd_kxSdYENXNUxicNoIgAkOiQU9GyzgLap4yzMuVN5s91ePNMmCoUlD8H_iwSmn1tGH5UpOpfluH2dJ67POCJUCZtLQysAho3UjzFG_yI880IEkHVEq26NOH111hJN_kPKTJz26rseHirmfWD6i1uq4W1ehyRvAtsQdZGl5oxBqTZG8b82t_1Emg8Nad7COGW8OhFGXw0jI_U8j0XjZQEKJ649CRyBqsyvcRREhoMQPmaavd-Fye-hnehas_zSJoKJ2uPPn9PQE-JKTAgq3q2ep6HhOUKHVhXBCvZhHw-2lUwYbCHhIsZW_wf4KltNpoVKJuZ-94j8DEFBvyY9c7GJdfCiV75at2b87QI80NXM-k1IruW1kUwPb35pg51Qy19IQ&sai=AMfl-YSMYhwJQglnxjUy5nQb8kn0m50nO7FMW3mmS_WJVxC7v6f3aMj22DcRxxG3bQuzreKx0EIqup-aNkxLUB5ai8PD_T3SG0IcGq_DYRjHyzPlAXY6-8sM8ntl8i4e1ve8cL2zlHnPajZJS9Di6OxqR2LXKpQSdvg7C-dPuOYDO9gftpSmGS-s7Y9Q9nGUhYrpYBgFUllfgOlCmIgb85t1Tve223apMvE&sig=Cg0ArKJSzB5ngdbZzR1hEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=12&cbvp=1&cstd=0&cisv=r20220516.19322&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DlkHiOifx1IOcCCQsBxL9-qQNVVsuUxNsb9wKHm_9NZ0qBMihyujPa5M51V0_4Aww3zY8j2hgBmPBkCyvYcXukS4jLzg&cry=1&dbm_d=AKAmf-Bb3CWgQdZvOEaUhGR-2U7JHjGbwaqmyu9ty9wbXDOBXNMvxw9qQUSlnUNEOp0ma53TvCOTN5VXUmqm-0T3ALn0gimBD1Af04amZWJiaPBItJUrVEopJF4qWK5V5BchmotFXrCGOrOMkrnJmQ_uJ_HDRZXXIxtSu8Ax6OUP6sOo0rKuGJ-0e9W0QrU_9F7Pj4WZtc93N0NeDKJ2-0VQ974o8-dqy3DL_Ware-_QfB1X8fJup8fuGyK_syOQB_EjVbVXwyIKp6TgF9THlAbiSkyBvxuyrYw11ev9AoITjiA51ybnR300eRRKfXtmfFDgUPxiqgjcdlUnS3BKHmv-h5-3EXSfyO-qiOygvHzhpLX0Wm0JFvRkXyXaDFSVle6Bu1EU9BuKHtqK4G3nrHtffwoQZkmOnC45TfuunnAtLL45CrAVwPk9gNz8IPzxsc4hL1XMf43abZdS3EFgq75qKjd-tTu3Z4xtMxsuBMfmmACe_mwU8IdpEf8dgB1IcsOL4VHkdXXgFVfqGtYBRKCXDBz9mDXojmVEYq_HQR4ujXqVXS258AEiJm_U035IqZZLPYiWCrjbwpu3P9pnJ1jOdjmjkwM6ZYHxBDxSbCDi87K9Hv1I1RshYPP69LtZQ4FrI5Z5dIJYhc7RMGiqyL66IjBQI4mME2VgHaaLhDFO7qn0v3fjRMLjEMi_vdkh_NqNVavUDZz6ijMYluRQjVXB0glahiEEFbBFtBfKCgPDtmTGaJGl3wn5aYrccIqcSktsZlQQ8Ogn3fKlomnQv5UOb5Y_0C9LH4d4sbuGqYv0YUaOyerspA6a9lML-y0Suu0HALaC4VogUIh9FZOjqykMJn-QMCYP6UrwS7CoewNVQdTxXHgNnxtVL3_hUTK_kmdz_kS5T_RowCn_bVvooQgPAruTYcCCnXmAKiKvZ9faMOXvvx78TVGi9179oP2AAZF1U18_yTfKhnFjtDTIgPhISqK6O2sZgDAs6jxqQAD6RxdjhZhZk9DpStGnUSL11g9GP7lK9VhMce4IEhnmYNtu1Iv00KD9ZpOQvGmS65EMrMqGC3okAnjqfSMdyHYNT6ATSTHZvdCbgZzQkKful48JBoNyWZt8JuNWCQPkhXABBpHLRNWI-3zxCByxjaJLtedcN1qgsxMFz8DEKMNn3OcYUy5UjRaCgIRjErotJeMMUVYfX-lADBPvgjsvnGiBrVDoQ3Hdf6mz2TejvbVA-g_AlqcxFQ3_qUGRVawo6uFVV7wP13qR-TDKq7i7ZJ4XwPRctAHBAAyAiQBZIGSkAv0qDvRXzZMdKkXhNF9SP8gsPfcZbt0IzndwZxDvL8DMBv4VaCM6Rr0TOEk0ATJifbNfEdeckJ2EAo6eVt4EWEspQGSoftw_H6fJTO73AgsumAzn9Ss6Y8vwJkMJeT-7A0gjJae1ameXLQ3WxEgdHLGezvWeCBwFLKYl3YhvIgr1v8m9CwIFnNuvwPNRoowea4uIhPOyNz2IyDCDrIqG1sny_X0zu4f05Kg9gJqtv2OVe9H9VerPxwm9djjysljlx_p4ub7NRhrjmSDTNvAxeapxD3WOvuEXel0YIXApl-a46P92wmL9QBgzQSMrt4b5CuCXygTaaMjzmFdyn3T7FKUaCIct6dWZ3JWMYxKSCk_HQNs-pHeM6Bb4b66U5gFJEcoB3IYX-SAjhw_nJ9y5VD6ZMT5ZalVDALGW7YnfTsrY4zSE9H2cFpRy9eXG1egq5ilthf6PuBCnan0Y3ll8-14pkLMoV_BltAFYCFcEqNmo20RSD7SpmiFIjMtcX35PyN3pgJzmKmyV2H5xLQM9caWT-_lv3uXCTOvayLyEu7bWCyEvqphMDoKxLMjpFg3bMlRN0yzJ6HPUpr3BCR70B_I4mlb0ZUwLt6lt3Wwc4w_KHSm4NGMk0lY555Q57evIfqSVUrzYQzDbCPnYXIZJuzxMJ71y9p1ixCOI3oj4wzPrjlDCqgNBUtrnbkkgtYXf_aFvXvZIekYprcKJae_i1Mtc4gRk_lPUjLw3VZ05G7uuotaIJPAca_jaRgmTu3ZqYMCyw2irvJ6tu7P-XKEBBX1rUoWNwDLSenlt-8R_FffBECvW1RjcFM41O8gS6nhHXNPPZDEm7bcD4vVXV1BPLQTNecU14p8jSSxOT5uhhPMZdo39pZgbQHQlrDONqMow22afRKLfyl-G5JfU6PBhfvhmRL0dBg8UpYj_xIc9cEFSfovJwlxgOaDLe7pz2npPGKAQo4IoQMIA2aTMcNT71UWIE7cYZpOZwUWrg8xSprAOWOKIOhNjAFHiI4QRV7xo-80Gomewy3IBNsogi7pH_PnBvkH7pUZt1F5Dw36eVwocWChFEjWUkBmot8xweYiLHLQnT9aL0ZpzBtkHKqoF84dioUMpCB0Y6jJUrW7qyDtq_Z6ENzb5IdOTtEgHhUkHp1db9LtgR3JMXcFiFSrsRmc_AuzocahZi4zMJELE1zvnP93Dcr6Gk1vGvbi-xEHWU2bg0RC4pwV3-ESbsFaCBjg4P_mBFNd-zRX2IJnMN9QS--db78n3DY6ku1A85JzDf5-JOHJkybbuyNPX-CPNhEdtqG8WjnE07zU9cwEMYK7LVgVp6qLupaDo3De5N_x8TnPHJsQBXU2UVSy-r5xI2g9IlnXkbRMePdfD8V725qVX4aX6ueJF8sBoyJis9UZCULgw1pHAS0RygLEqXua5ynQrrC78IMlK_JhOlIQLdzYmpo5ZgTeUPx-RmmylX2SiLAKM75mnU24B6w8pk7xvGePkhcrPRVpe8UjXHN2Mwq0C6SpZh-AmbDcDzxVOB6aCz13QovU5AKzFwefRe3K84a9MzsEd0WMdxzYRHYOLefu7nCLaSxudelt87jahRGU52iLhYFB3HO_87tKPM4z74kptPnDFAEiFGbklIYuVK4sPuqMNTK5owy9pIrrP_wXj7lL8xqdrA1TD98Pm9GjnBxkIE9qIv4UazxXYusvFowOlB_wa_xVGX97NBEySJvaSAjZsHSyKZo8rXUM2ZzCQOygEL46U7eK7CZKhwkme56WGyMPpkK4jYDKuzbKL77-7DharZhbvrNK5GVZAeF6so34-N7OKgxTJp-ZG1pv0WSgm2vpbHC_g4_KiDEOJEQnPAFbu4i2-p9tZUg&cid=CAASJ-Ro-Hfxzjcye8kAEA02X84S0X2QRZ9zdEwFg_52lF2PVHRK3BPkRg&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 19 May 2022 15:32:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 4E18 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84679c97a2a832dd7376e931ab630d1ada748daecb36380e2cc6157ac3a2b677

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 701D 0
9 B 45ms
45ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?PcCltQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 56FF 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 99827
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 18 May 2022 11:48:33 GMT
expires: Thu, 18 May 2023 11:48:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js Show response
pagead2.googlesyndication.com/bg/ Frame 56FF 35 KB
13 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Yd3cEgPtLOfKcy7GxWkHziCM9jl-6RVWGk-YTJsF5Kc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61dddc1203ed2ce7ca732ec6c56907ce208cf6397ee915561a4f984c9b05e4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:30:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13574
x-xss-protection: 0
last-modified: Mon, 09 May 2022 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 May 2023 15:30:58 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4E18 0
26 B 131ms
67ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsur2vxbRDajFuDwz0GzzFiJDuD7R-zfz8dnbu1JvqkywrsoTDACk8HHnlIOVrzN0D5yEGhKBHBmlXSvTdtx62xG2dPz3PxQrUun1S43x9rw2nMpgELki_5oOzElauYnY3PSiMHzM7A7zdYQUqufxDlPnfzcFoGFv41ouUFOGlcSmJnk9hir_Ny11KHGPhQrcRKp7OBGz62xUKGLDbhd-zcB7AWY-uTSOHpPZID38vYLM4HPgiTuH9Hm2qoRYdmdBLwsSLr9XjNUObsKjEGv1bLff-jzSNQI2WSUotpb9S1lkIjeojMKghJw4OV3CxRJpMr2hAMg8-STqYJMcgjUaCeqv4tgyel27Y2ndhOmPG_-srokIpAXXu3aaekqD09EMd2dcfrG_j5fmCwSyO9ObIh_pH8gQ6djdkXbg1dIMMVvXaODjIuO58uTnKTBTfXWodlnV-T0dFQ86EUa8uZ868EIEpsv2ef9HYvcEyK6A8cMjBgzz4BY5FOWCEBDhSv9DlQLFdSHft7vdk3Oy8vPBoLPWssO5PWrSb-vqJfNEDrrASHTqiPNL-Zy8t8s5vRi8WviRs6rcyfZYNO58z3KhOL1jS-AGEEG0Jo9op4LfDe8XOnham2F4sdym6BEEs6QPaLYAaXMWeMZfYeoDsONSMQrG4rhGdk55pg5IKheinLnYpzgJknZnKzl4b10sVqjKY6s5BRYIYYOTJ05WxQfidLo8Vsz1m-nIF7O7dwsPhXsWqV-LHoIjzgMJWLxzI88hrYHmd_kxSdYENXNUxicNoIgAkOiQU9GyzgLap4yzMuVN5s91ePNMmCoUlD8H_iwSmn1tGH5UpOpfluH2dJ67POCJUCZtLQysAho3UjzFG_yI880IEkHVEq26NOH111hJN_kPKTJz26rseHirmfWD6i1uq4W1ehyRvAtsQdZGl5oxBqTZG8b82t_1Emg8Nad7COGW8OhFGXw0jI_U8j0XjZQEKJ649CRyBqsyvcRREhoMQPmaavd-Fye-hnehas_zSJoKJ2uPPn9PQE-JKTAgq3q2ep6HhOUKHVhXBCvZhHw-2lUwYbCHhIsZW_wf4KltNpoVKJuZ-94j8DEFBvyY9c7GJdfCiV75at2b87QI80NXM-k1IruW1kUwPb35pg51Qy19IQ&sai=AMfl-YSMYhwJQglnxjUy5nQb8kn0m50nO7FMW3mmS_WJVxC7v6f3aMj22DcRxxG3bQuzreKx0EIqup-aNkxLUB5ai8PD_T3SG0IcGq_DYRjHyzPlAXY6-8sM8ntl8i4e1ve8cL2zlHnPajZJS9Di6OxqR2LXKpQSdvg7C-dPuOYDO9gftpSmGS-s7Y9Q9nGUhYrpYBgFUllfgOlCmIgb85t1Tve223apMvE&sig=Cg0ArKJSzB5ngdbZzR1hEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=174&vt=11&dtpt=162&dett=2&cstd=0&cisv=r20220516.19322&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 19 May 2022 15:32:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 56FF 0
20 B 72ms
72ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0TQuBGOGYqDZAoq03gOhvICYCwAAAAA4AeAEAg&bg=!2Nul25_NAAZL3OSAa9w7ACkAdvg8WuFIvWgPMij0vBLDxRXhOeXkRRWR5mAyYUb0YnWB3aB9swl6YgIAAABXUgAAAAJoAQeZAvuZyInpq1xKhViLUDLcCR8mOQDvfQO7szZdiCh_SjEwO5gmBDL8x8KwcGcdIEZNTKWKRL2VEtZsD60UjjiP8UqGCSrOBRiCIUmnOpaakPy5e6fRq_uN-CjHRaxiRQAa-9IC_jY-9h6YaeGZZ9JQFLXjes4qfYNIk8gDkvgBjfUra1cDT4j0s9MaeddxzUHdEcBm3UQCIw_FKudsFNCwQ9S5FDQ7l24Z-IyXSjmsX-9tkVA6ZwNES-dk72fA0x0GeWPD6y01KmLbW8EyzY4d5jqUB_TRwGHC56nTFWC7jxtbmkTwouXFCUVZ82XEcvQSNaddeJ0dR4WfGqKap8ZmbEzMsB6d7McFPaZJW6gz95p7_zAysRagcu2uZg_GV-cXSWYrCzG3f7c7RPyY18S5dj_5WKYT4eb8GidYoXZsBOv3ezWzw0WggVJ5fZY094hKdjtSGWqf-JB3MOHR1_tGmxkA8TejRYOE4XfpFPsIny6JPeGBOhDnLPTJMkBOouzuCv6M1nKxXZWpcInTSkdIV7OF4Fxfr6-cRIX28_a0KdfJo16rakIF-KCzs-VLIntn59VIcwreCGvOxToc0ezzoGosv9lhc1ctx59ggc6t9KaZ_ehyBVGmI5Zy-zHt3ovny3iylQOi1sCg58-snpDzd9fDEbRdO6BwHi2Lwq4M26F94UQx7JCVnEfLCnnTI0VIe5ZXvJHUdI0lHVsOQpXp43a5kmiP8qKgoW3v5a0lty_6WgOrI9psmLWMoXgesSz-p9rm2gKBRxOM_7UmkEagNaLx7rj5HO_-8-AovLFqLw7TuleSQjA176z21WYhOpqWTSH5m3kwiDsnNmIZB2tGlaZYPuLTiPEpZSEpqGqhVzhVmQ8kGh7Evtibbl3NdTYKJxqfLBZC3QXYcZjiFa_JibG75jOa4EiHEXdGwBxXukJc6OLgDm5vShb43jz1OKe5d6QOKYiST1OQQIiPoUQZCOOefnDPcnclKxxCUUQv5siLZk2KESe4LHoNH8p-

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 103ms
103ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022051601&jk=2004210865176084&bg=!JiWlJWHNAAZL3OSAa9w7ACkAdvg8Wuc3oReYJkFm3bMFklypsrW1j7kSK7VCHytZawGTIWBMRRHRYwIAAAFBUgAAAAloAQcKAAcFdYKJmuxImQKc_COwpSkt4fAweiYt5byEkr4So1Qxruwjk9XSiBttPmo3eeuWLS3OA47MnDMRjzfcagT-CZGcBkrF53SrSvDpQCY10YkuTXxmjHdv_vnq4mFDdgHtiJ5943qYngU8Sa57dRcYYkIgGMFtVDXYptHloEcfIxakP5cabRXchvfGIUV8t6q2pgt3qN0j_3Bi8Av5U85X9rX6MmaExod5r8ZuOCgsrSAjI5G4WwAMpiyPOWz6zPhZ0BUV0mu1cGvq3BQL8lMULttkD3452SI_JSENqRMfGDjVc0DXofcFxJeDLpQkkqaJO0dvLUPbBov9kUC9fKDEd_Z5D5aa0KjeDPUHVTYsg_hNkKD64GxjcbOm2bvt57yRzFT9vjTHWrVCElTUJyeZ4xoymWQzcq3V6NLfhiCnvozN7oc_AfB27n97M7cK2kUQ4iC__sF_Adz8-H5fBJ29VTTQJg-Qo0Q2yPW1lkCKC3wMANHeYJEEMODKWtPjQd5n-v9__N9vnDaozjj7YlBEX66X5n6ChauVWl8nskYsiAPlzBQ375CHLH0F_yY-YyvhqPkoLCXu_QfaoPjkAvZju7VkvPp6cn6dtVv7wrbkD9Q2T0BUBOtw5Er8viMzcWN_vW8vzq-u-NaebonApmtcxUZ_JQZNryfUFXmoMY-0CyA7oHoI1ryYyRuW_NKvV2LO6AGGUo4Lhfgq4ix2Qpb2gnQo2dU0-FDwfbmrBiTD3o0pxiuGHPb38XpSPtOMC9InwPRh540KxYMzIFmt1NbSqz5lmSN30wL5lILlLi28CdkxHgRGwwxY6mAkg9ZNSver0rVFqBugg_mdfWiZ7a2sOg8kY5jnlvUrxxRJF2cldjbzWtwEZ5EcreMSMK-kPIPdbOT7GoM-yB8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame CE1C 42 B
64 B 71ms
70ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvcDklSS57IERx32S3PVsjyd9qytcM8LcLxXClaPsFOT85ZXpCP5XHNcw_upBNqRYp_a716S5n3_zkcr5BjZKhR4XOwAqYzvLvJHtCAE1erLQMTwpzN2aRfuw&sai=AMfl-YQE9n-9MXpfrqTklQ6iMNyOV7hC0oYavFh3cOx5G2-y7FdsRmghC_nUL4TWNufAjjAx7VyeKC2_wBySfGTib69JzyB1oJIt5HT6yD3KsO6wB457X46m4zc7tlkiQHU&sig=Cg0ArKJSzAaCGgAXNjiNEAE&id=ampim&o=315,8&d=970,120&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=953&tls=1953&g=100&h=100&tt=1954&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 49ms
16ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 19 May 2022 15:32:20 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1227
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame F190
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=t2UiJnx0ZDcxMVRHOVJZRTZ2akdPVTZTNVUvUHRBZUVreE5EbnFYSTQySmErcDJLdnB5Wjc2bC9YbWtjYWg2SVp2ajBJVktpN29JMGNuN2w4TklqYzFhbDJpUWNPbS9UeXdhM2ZXZ3RxVklMYXZhS1daTmdkRjR3SnhhL3...

340 B
614 B

46ms
16ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=t2UiJnx0ZDcxMVRHOVJZRTZ2akdPVTZTNVUvUHRBZUVreE5EbnFYSTQySmErcDJLdnB5Wjc2bC9YbWtjYWg2SVp2ajBJVktpN29JMGNuN2w4TklqYzFhbDJpUWNPbS9UeXdhM2ZXZ3RxVklMYXZhS1daTmdkRjR3SnhhL3pxRHloMm02Qnc5RUVPSE8yUE10azNXN2lxQWhXRXlvWnphZzl4T2E2MFpwWGV2TjlFSUFWNE5ER25VMkhBaXNrMFp5cUx1SkxMVlZPVzBHaXlNSGI0UEM3aU1BSjNNK2pCMnNLWkx2NEJFZjFDZ0Q2ZDhjPXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

8462fa9a2573c3706c5d7d25a5c1dd7c33fa1fbe4f61f71d9e0b824144ca33a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3285
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:20 GMT
location: https://mug.criteo.com/sid?cpp=t2UiJnx0ZDcxMVRHOVJZRTZ2akdPVTZTNVUvUHRBZUVreE5EbnFYSTQySmErcDJLdnB5Wjc2bC9YbWtjYWg2SVp2ajBJVktpN29JMGNuN2w4TklqYzFhbDJpUWNPbS9UeXdhM2ZXZ3RxVklMYXZhS1daTmdkRjR3SnhhL3pxRHloMm02Qnc5RUVPSE8yUE10azNXN2lxQWhXRXlvWnphZzl4T2E2MFpwWGV2TjlFSUFWNE5ER25VMkhBaXNrMFp5cUx1SkxMVlZPVzBHaXlNSGI0UEM3aU1BSjNNK2pCMnNLWkx2NEJFZjFDZ0Q2ZDhjPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1358
content-length: 482
expires: 0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame A562 3 KB
2 KB 27ms
6ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 May 2022 15:32:21 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame AC76 15 KB
6 KB 39ms
7ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=21126
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 15:32:21 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 21:24:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 2AE3 668 B
732 B 36ms
30ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 324ec5e0c3d51fb0e8a612ec7e14c57f22f52f293fc0d10eac04f800d7b6d326

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 421
content-type: text/html
date: Thu, 19 May 2022 15:32:21 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame FE8E 52 KB
17 KB 35ms
6ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 39941
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 19 May 2022 15:32:21 GMT
ETag: W/"623de86a-cf34"
Expires: Mon, 09 May 2022 04:26:20 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 578109
X-Served-By: cache-lga13628-LGA, cache-hhn4062-HHN
X-Timer: S1652974341.416719,VS0,VE0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame F260 3 KB
2 KB 25ms
7ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 May 2022 15:32:21 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 4925 668 B
721 B 32ms
30ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 324ec5e0c3d51fb0e8a612ec7e14c57f22f52f293fc0d10eac04f800d7b6d326

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 421
content-type: text/html
date: Thu, 19 May 2022 15:32:21 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1968 52 KB
17 KB 33ms
7ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 39941
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 19 May 2022 15:32:21 GMT
ETag: W/"623de86a-cf34"
Expires: Mon, 09 May 2022 04:26:20 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 578481
X-Served-By: cache-lga13628-LGA, cache-hhn4027-HHN
X-Timer: S1652974341.416644,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3BE4 15 KB
6 KB 33ms
8ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=21126
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 15:32:21 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 21:24:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4E18 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssldty5r_ppY13oHVfOmCRBE2cYCLTnjopiK_vOPMgsGCDlPZrjN6WYikLU13wl0R6rDUQdg2CYZS_ARzjOqJ7I7yOXFxa2Co-EL1rUJGxE&sai=AMfl-YQpMUvxcZg2eITpA0NNCIG1uhbof1yQRmMYR6Yp75xw1-wB25jEr0OPiAx-YTn0oamAmdFWbE3qSEbsCDkK2Db1mq65raIbjtN7bKMhUVIJBXqcUyWH8FdeqUACckc&sig=Cg0ArKJSzAj-94XiVGHoEAE&cid=CAASJ-Ro-Hfxzjcye8kAEA02X84S0X2QRZ9zdEwFg_52lF2PVHRK3BPkRg&id=lidar2&mcvt=1001&p=286,1082,536,1382&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220518&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1414505084&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1652974339344&rpt=1048&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 2AE3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=69836286-6304-4200-a654-13da65e66f4a

43 B
106 B

35ms
31ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=69836286-6304-4200-a654-13da65e66f4a
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 19 May 2022 15:32:21 GMT
Server: MT3 4419 e1034d5 master zrh-pixel-x5 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=69836286-6304-4200-a654-13da65e66f4a
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 19 May 2022 15:32:20 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 2AE3
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa

43 B
106 B

34ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 2AE3
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7552591904104620069

43 B
61 B

29ms
29ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7552591904104620069
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7552591904104620069
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 2AE3 70 B
264 B 101ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=8d729042-139c-74fe-dace-f1609bc4f3ef&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 2AE3 170 B
188 B 45ms
45ms Image
image/png 142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTExZDQzODgtZGFlYi0yYTVhLWNmMmUtYWJkOTUxMjYzZDhm

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 2AE3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1

43 B
61 B

27ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 4925
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b2de6286-6305-4700-a8e5-7fb8a8892237

43 B
106 B

34ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b2de6286-6305-4700-a8e5-7fb8a8892237
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 19 May 2022 15:32:21 GMT
Server: MT3 4419 e1034d5 master zrh-pixel-x4 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=b2de6286-6305-4700-a8e5-7fb8a8892237
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 19 May 2022 15:32:20 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 4925
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa

43 B
122 B

33ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=V5oepVebFqFMmkeiWcoLoFCaE6BMnRegVJBX7nAa
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 4925
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4740624511943531446

43 B
61 B

28ms
28ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4740624511943531446
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4740624511943531446
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 4925 70 B
265 B 99ms
31ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=8d729042-139c-74fe-dace-f1609bc4f3ef&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 4925 170 B
188 B 45ms
45ms Image
image/png 142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTExZDQzODgtZGFlYi0yYTVhLWNmMmUtYWJkOTUxMjYzZDhm

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 4925
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1

43 B
61 B

28ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
via: 1.1 google
server: OXGW/18.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:21 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPlYoazC6jevPF-Z785Vx-Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame FE8E
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
819 B

35ms
25ms

Script
text/html

185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:21 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0aeb5b2e-60ae-4cf3-9795-bd9349eba1be
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:21 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 84fea2ce-f3db-4d5d-80c7-18a760fdcb1e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 1968
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
819 B

24ms
24ms

Script
text/html

185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:21 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 196529f9-bfd5-43a9-b811-1c186b2473fc
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:21 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: fdca2820-48d5-4eb5-82a9-b04daaa8d6b6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 58ms
15ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 19 May 2022 15:32:21 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1350
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame FE8E 0
747 B 61ms
60ms Script
text/html 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:22 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 997d1cde-3213-458d-baf8-c22d978c7a9d
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 1968 0
747 B 27ms
27ms Script
text/html 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:22 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3b8019f0-e465-4523-9cac-92a9fb58ff57
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK abt Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 110ms
109ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/abt?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:21 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D29C 15 KB
6 KB 8ms
7ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=21124
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 15:32:23 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 21:24:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 6374 7 KB
3 KB 106ms
8ms Document
text/html 2620:1ec:46::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Thu, 19 May 2022 15:32:23 GMT
etag: "a067ca1c11975e052149fcb5fac5e2d3"
last-modified: Tue, 26 Apr 2022 01:37:54 GMT
server: AmazonS3
x-amz-id-2: AI7BfYQtWNpZhNLRpdXaoaaoTts/908ffxMaP573gZNcXrZ9DTAbwETm/3eC4fqO4fS7YAAmhg0=
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:5eb96107-ea8e-4447-a80a-9b951732aaca
x-amz-meta-codebuild-content-md5: e5441cba1c83e44c16f2d792acc1823c
x-amz-meta-codebuild-content-sha256: 3b14aefb08d603d224cbf56f0ff34e70ebd576659dc2557c0629a8ec6943dc55
x-amz-request-id: M7F9YH9PFFH975ZC
x-azure-ref: 0B2OGYgAAAAAeYO4Q0BgyQYZbrf1dePeORlJBRURHRTEwMDkAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
x-azure-ref-originshield: 0sZGFYgAAAADOlsFmBh85R43ja4ZwivBOQU1TMDRFREdFMTgwOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache: TCP_HIT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 7D64 3 KB
2 KB 12ms
10ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 May 2022 15:32:23 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame A965 0
35 B 35ms
34ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Thu, 19 May 2022 15:32:23 GMT
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 6A80 0
0 33ms
33ms Document
text/plain 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Thu, 19 May 2022 15:32:23 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap4ams1

GET
H2 200 2000891.html Show response
sync.serverbid.com/ss/ Frame E43B 2 KB
913 B 64ms
12ms Document
text/html 99.86.7.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.serverbid.com/ss/2000891.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-95.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 91b7f480847d8b7abc803bf66cc1b9b08bb3c55ea6452a82f4f89f6420e5a754

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 44371
content-encoding: br
content-type: text/html
date: Thu, 19 May 2022 03:13:17 GMT
etag: W/"f5a2c7d7295897fb33b30d2de6ba0735"
last-modified: Tue, 17 May 2022 13:45:34 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: EXDb1JJAd3zxTi_xMnzmzkjUKrr118cYKtGvbdXwkdsOXRallf1Q9g==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 0B3B
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1023 B

9ms
8ms

Document
text/html

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: 2e9f9acb9fcd7462c27a0ae34a0270b1c59e8120302a11bbfbe607ca0359c7d1

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 455
content-type: text/html; charset=utf-8
date: Thu, 19 May 2022 15:32:23 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Thu, 19 May 2022 15:32:23 GMT
location: /sync?&ld=1
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2949 281 B
554 B 53ms
6ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 May 2022 15:32:23 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7292 52 KB
17 KB 12ms
6ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 39944
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Thu, 19 May 2022 15:32:23 GMT
ETag: W/"623de86a-cf34"
Expires: Mon, 09 May 2022 04:26:20 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 578503
X-Served-By: cache-lga13628-LGA, cache-hhn4027-HHN
X-Timer: S1652974344.696036,VS0,VE0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7292 0
747 B 23ms
22ms Script
text/html 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d09334ab-9c08-402a-b43b-056900b350f5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2949 32 KB
10 KB 8ms
7ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: f5c7dd74dcf677e5151bce045e5ebe6e61d0740b3c03f4a7828702ac65b5723f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 May 2022 19:08:11 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=43395
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9500
Expires: Fri, 20 May 2022 03:35:38 GMT

GET
H2 204 um
cs.emxdgt.com/ Frame E43B 0
59 B 111ms
20ms Image
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24UID
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-length: 0
content-type: text/html

GET
H2

200

usersync
x.serverbid.com/ Frame E43B
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YoZjBB5Gz2Mr607LjzNzCQAA%261111

35 B
217 B

93ms
92ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YoZjBB5Gz2Mr607LjzNzCQAA%261111
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YoZjBB5Gz2Mr607LjzNzCQAA%261111
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 306
Expires: Thu, 19 May 2022 15:32:23 GMT

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame E43B 0
474 B 72ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5444%26spui%3D%26dpui%3D

Requested by

Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame E43B 0
277 B 30ms
26ms Image
text/plain 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 19 May 2022 15:32:23 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

usersync
x.serverbid.com/ Frame E43B
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=4428542190750113826

35 B
250 B

93ms
92ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=4428542190750113826
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 919f512d-ce7a-42d2-a7c5-fe564ef44951
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=4428542190750113826
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame E43B
Redirect Chain

https://pixel.advertising.com/ups/56621/occ
https://pixel.advertising.com/ups/56621/occ?verify=true
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPe15e7214-d788-11ec-a421-068f2ada2e5e
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPe15e7214-d788-11ec-a421-068f2ada2e5e&verify=true
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPe15e7214-d788-11ec-a421-068f2ada2e5e

35 B
98 B

104ms
103ms

Image
image/gif

159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPe15e7214-d788-11ec-a421-068f2ada2e5e
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
content-length: 58

Redirect headers

location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPe15e7214-d788-11ec-a421-068f2ada2e5e
date: Thu, 19 May 2022 15:32:23 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 0B3B 70 B
264 B 38ms
30ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B3B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3

170 B
188 B

33ms
33ms

Image
image/png

142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3
date: Thu, 19 May 2022 15:32:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0B3B 170 B
188 B 33ms
31ms Image
image/png 142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B3B
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3

170 B
188 B

32ms
32ms

Image
image/png

142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTk0MzIwNTIyNTM4ODE4OTA1OTQ3
date: Thu, 19 May 2022 15:32:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 0B3B 0
143 B 204ms
201ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=994320522538818905947&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 272015640244441A8889CE6C63C40F6B Ref B: FRAEDGE1215 Ref C: 2022-05-19T15:32:23Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXfXxSWupRnpg2pKYafWg==

GET
H2 502 994320522538818905947
pr-bh.ybp.yahoo.com/sync/triplelift/ Frame 0B3B 0
0 110ms
32ms Image
text/html 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pr-bh.ybp.yahoo.com/sync/triplelift/994320522538818905947?gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 0B3B 43 B
220 B 70ms
9ms Image
image/gif 18.185.246.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=994320522538818905947&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.246.45 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-246-45.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:23 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 0B3B
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=994320522538818905947
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=994320522538818905947&dcc=t

0
0

106ms
101ms

Image
text/html

209.54.177.54

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=994320522538818905947&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Server: 209.54.177.54 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 79MQ7PTP5HXFDVRH2TJ6
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=994320522538818905947&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 0B3B
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

9ms
8ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 400
Request failed due to privacy signals setuid
ib.adnxs.com/prebid/ Frame 0B3B 0
0 15ms
13ms Image
text/html 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=994320522538818905947
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 2ED4 15 KB
6 KB 12ms
7ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://sync.serverbid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=21124
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 15:32:23 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 21:24:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame E43B 63 B
392 B 93ms
30ms Fetch
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: f27f21797eb8f26ca0fd7136119d27f44082ebd32eb95f1af44ca1e371cf511c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.serverbid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sync.serverbid.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sat, 18 Jun 2022 15:32:23 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0C1A 15 KB
6 KB 8ms
6ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=21124
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 15:32:23 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 21:24:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 4133 4 KB
1 KB 97ms
29ms Document
text/html 34.241.55.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.55.221 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-55-221.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 27e6e3335c696a746bd9a6af65d59507d9861ac0b9a48675a387256c27c1ca73

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Thu, 19 May 2022 15:32:23 GMT
etag: W/"00e9dfc13dad713f3e42529542a195107"
server: nginx
timing-allow-origin: *

GET
H2 204 ps
pixel.33across.com/ Frame BABE 0
0 326ms
104ms Document
text/plain 67.202.105.23

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 -, , ASN (),
Reverse DNS
Software: 33XP002 /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
server: 33XP002
x-33x-status: 2000208

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 544E 2 KB
814 B 33ms
8ms Document
text/html 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 35E8 802 B
1 KB 154ms
80ms Document
text/html 185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: c7414f8c05b9e18aab7e75a57e892004f4055aab16d56d794795f64041405429

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 802
content-type: text/html
date: Thu, 19 May 2022 15:32:22 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame 8CE5 1 KB
3 KB 23ms
17ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f46b5bc59570c71d0e2fedf570e2f818372c5abfaf6c9e44a8e649e581bcaa29

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 1501
Content-Type: text/html
Date: Thu, 19 May 2022 15:32:23 GMT
Dropped-Udsids: 39|230|241|46|188|5|206|64
Expires: Thu, 19 May 2022 15:32:23 GMT
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache
Vary: Is-Traffic-Usersync

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 6374 0
239 B 71ms
8ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=4428542190750113826

0
344 B

28ms
28ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=4428542190750113826
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e6c05ad4-6025-421c-abef-01d9e095ecd9
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=4428542190750113826
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=EqtEqRZHv1CWWl6EQey_Zr-v

0
351 B

29ms
29ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=EqtEqRZHv1CWWl6EQey_Zr-v
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=EqtEqRZHv1CWWl6EQey_Zr-v
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 6374 0
277 B 30ms
26ms Image
text/plain 216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 19 May 2022 15:32:23 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTZkYWM2NzAtZjM3Yi00YTEzLWFmZWEtMzA4YWNmMTk0ZThiIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0xOVQxNTozMjoyNC4xNzc5MzlaIn0=

0
432 B

28ms
28ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTZkYWM2NzAtZjM3Yi00YTEzLWFmZWEtMzA4YWNmMTk0ZThiIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0xOVQxNTozMjoyNC4xNzc5MzlaIn0=
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:24 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiNTZkYWM2NzAtZjM3Yi00YTEzLWFmZWEtMzA4YWNmMTk0ZThiIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0xOVQxNTozMjoyNC4xNzc5MzlaIn0=
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1652974343867
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT

0
336 B

38ms
37ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5133329521251074453

0
344 B

29ms
29ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5133329521251074453
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5133329521251074453
Date: Thu, 19 May 2022 15:32:23 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 6374 0
478 B 49ms
16ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=440bd644-5094-4cb1-80aa-73130f3c5a38&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

28ms
27ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=440bd644-5094-4cb1-80aa-73130f3c5a38&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=440bd644-5094-4cb1-80aa-73130f3c5a38&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Thu, 19 May 2022 15:32:23 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 6374
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
https://ads.servenobid.com/sync?pid=337&uid=y-QxUHxpJE2uHkaTGCjsXWXcOICgzYvO4T2VxxBoQ-~A

0
368 B

28ms
28ms

Image
image/avif

52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-QxUHxpJE2uHkaTGCjsXWXcOICgzYvO4T2VxxBoQ-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-QxUHxpJE2uHkaTGCjsXWXcOICgzYvO4T2VxxBoQ-~A
date: Thu, 19 May 2022 15:32:23 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 8CE5 70 B
264 B 33ms
29ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 8CE5 170 B
188 B 31ms
30ms Image
image/png 142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 8CE5
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB&dcc=t

43 B
645 B

102ms
102ms

Image
image/gif

209.54.177.54

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Server

209.54.177.54 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: WFQTMT1R42CVF1KBVPWE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: PXQXND9K82K46FJ9731Z
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 8CE5 0
0 99ms
64ms Image
text/html 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 CookieIndex
rtb.adentifi.com/ Frame 8CE5 0
47 B 315ms
101ms Image
text/plain 54.236.74.72

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.74.72 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:24 GMT
content-length: 0
content-type: text/plain

GET
H2 200 ix
ad4m.at/ad/sim/ Frame 8CE5 0
0 55ms
21ms Image
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4m.at/ad/sim/ix?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame 8CE5 0
15 B 13ms
10ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
server: ATS/9.1.0.46
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8CE5 0
191 B 73ms
20ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 sync
ads.servenobid.com/ Frame 8CE5 0
357 B 30ms
29ms Image
image/avif 52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 4133
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=4428542190750113826

35 B
250 B

118ms
30ms

Image
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=4428542190750113826
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:23 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: de6267ef-4292-435e-b3c7-0bf2ef9e1fc0
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://usersync.gumgum.com/usersync?b=apn&i=4428542190750113826
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4133
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_d950cf45-c81e-4d14-a7a4-e012b158c072&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_d950cf45-c81e-4d14-a7a4-e012b158c072&gdpr=0&gdpr_consent=&us_privacy=1---
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=a27a796e-9d3b-4a38-8de3-5487f708977d&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=4ba7c650-1e0f-4411-8e2f-ba7bf77b04bf

35 B
208 B

37ms
37ms

Image
image/gif

34.248.76.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=4ba7c650-1e0f-4411-8e2f-ba7bf77b04bf
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=4ba7c650-1e0f-4411-8e2f-ba7bf77b04bf
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cookiesyncredir
bttrack.com/Pixel/ Frame 4133
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28i3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_d950cf45-c81e-4d14-a7a4-e012b158c072&obuid=ENC(i3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3Di3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE4...

35 B
380 B

499ms
96ms

Image
image/gif

192.132.33.46

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3Di3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 192.132.33.46 -, , ASN (),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

X-ServerName: Track002-iad
Pragma: no-cache
Date: Thu, 19 May 2022 15:32:09 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

Redirect headers

Location: https://bttrack.com/Pixel/cookiesyncredir?rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dbidtellect%26uid%3D%7Bglobalid%7D%26obUid%3Di3XTXeE7GeJGZIzK97ld7Q_gIKoAhDrSVpue6-B1q3Eqzn6kfxJoE40fwbu4A8dq
Date: Thu, 19 May 2022 15:32:24 GMT
X-TraceId: 0ab6ef79aae43313e2efcfd205d77e4c
Content-Length: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 4133
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=7a4f3432-3b89-4ca8-bdb5-e18d5394f2a9

35 B
250 B

142ms
30ms

Image
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=opx&i=7a4f3432-3b89-4ca8-bdb5-e18d5394f2a9
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

date: Thu, 19 May 2022 15:32:23 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://usersync.gumgum.com/usersync?b=opx&i=7a4f3432-3b89-4ca8-bdb5-e18d5394f2a9
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4133
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-b461d99d-0837-43fc-52af-e49189bebf30$ip$185.213.155.162

35 B
208 B

36ms
35ms

Image
image/gif

34.248.76.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-b461d99d-0837-43fc-52af-e49189bebf30$ip$185.213.155.162
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-b461d99d-0837-43fc-52af-e49189bebf30$ip$185.213.155.162
Date: Thu, 19 May 2022 15:32:24 GMT
Connection: keep-alive
Content-Length: 124
Content-Type: text/html; charset=utf-8

GET
H2 502 gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 4133 0
0 36ms
31ms Image
text/html 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 4133
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
https://usersync.gumgum.com/usersync?b=vnt&i=e1d724d6-d788-11ec-9ab9-6303bc30f4d1

35 B
250 B

30ms
30ms

Image
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=vnt&i=e1d724d6-d788-11ec-9ab9-6303bc30f4d1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=vnt&i=e1d724d6-d788-11ec-9ab9-6303bc30f4d1
Date: Thu, 19 May 2022 15:32:23 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: e1d724d7-d788-11ec-9ab9-6303bc30f4d1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 4133
Redirect Chain

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
https://usersync.gumgum.com/usersync?b=snc&i=GDPR

35 B
250 B

28ms
27ms

Image
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

date: Thu, 19 May 2022 15:32:24 GMT
via: 1.1 varnish
server: nginx
age: 0
location: https://usersync.gumgum.com/usersync?b=snc&i=GDPR
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 241537262
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true
content-length: 0

GET
H2 200 142
match.deepintent.com/usersync/ Frame 4133 0
44 B 287ms
92ms Image
text/plain 38.91.45.7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.91.45.7 -, , ASN (),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4133
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_d950cf45-c81e-4d14-a7a4-e012b158c072&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=9ugVZ5NallhAZUgfCKnz&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2OLVM5LFUNKOMFWGY2CBLJKWOZSDJNXHUJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=9ugVZ5NallhAZUgfCKnz&us_privacy=1---

35 B
208 B

35ms
35ms

Image
image/gif

34.248.76.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=9ugVZ5NallhAZUgfCKnz&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=9ugVZ5NallhAZUgfCKnz&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 4133
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=89f917cc-dde4-449b-9d10-f4f57928626c

35 B
250 B

40ms
28ms

Image
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=89f917cc-dde4-449b-9d10-f4f57928626c
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=89f917cc-dde4-449b-9d10-f4f57928626c
date: Thu, 19 May 2022 15:32:24 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4133
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1652974343930
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT

35 B
209 B

108ms
35ms

Image
image/gif

34.248.76.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:23 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 4133
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://usersync.gumgum.com/usersync?b=pln&i=AlesviNFAPkv&ev=1&pid=558355

35 B
250 B

30ms
30ms

Image
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=pln&i=AlesviNFAPkv&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://usersync.gumgum.com/usersync?b=pln&i=AlesviNFAPkv&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-686468cdff-qt6lp
expires: -1

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 4133 0
75 B 16ms
16ms Image
text/plain 185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 4133 0
357 B 31ms
27ms Image
image/avif 52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_d950cf45-c81e-4d14-a7a4-e012b158c072
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 33CE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://usersync.gumgum.com/usersync?b=mmh&i=69836286-6304-4200-a654-13da65e66f4a&gdpr=0&gdpr_consent=

35 B
250 B

120ms
28ms

Document
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=mmh&i=69836286-6304-4200-a654-13da65e66f4a&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 19 May 2022 15:32:24 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Thu, 19 May 2022 15:32:23 GMT
Expires: Thu, 19 May 2022 15:32:22 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4419 e1034d5 master zrh-pixel-x4 config:1.0.0
location: https://usersync.gumgum.com/usersync?b=mmh&i=69836286-6304-4200-a654-13da65e66f4a&gdpr=0&gdpr_consent=

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame AE24
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=atm&i=YoZjAQAAALEWpANn&gdpr=0&gdpr_consent=

35 B
250 B

102ms
28ms

Document
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=YoZjAQAAALEWpANn&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 19 May 2022 15:32:24 GMT
Expires: 0
Pragma: no-cache

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Thu, 19 May 2022 15:32:23 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=YoZjAQAAALEWpANn&gdpr=0&gdpr_consent=
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn4068-HHN
x-timer: S1652974344.982448,VS0,VE0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame BEEE 170 B
188 B 34ms
33ms Document
image/png 142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9kOTUwY2Y0NS1jODFlLTRkMTQtYTdhNC1lMDEyYjE1OGMwNzI=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Thu, 19 May 2022 15:32:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6473 15 KB
6 KB 10ms
9ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=21124
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Thu, 19 May 2022 15:32:23 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 19 May 2022 21:24:27 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame CB2F 70 B
264 B 32ms
32ms Document
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Thu, 19 May 2022 15:32:23 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 3311
Redirect Chain

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
https://cs.emxdgt.com/umcheck?apnxid=4428542190750113826&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
https://usersync.gumgum.com/usersync?b=emx&uid=4428542190750113826brt289211652974343931273f1

35 B
250 B

114ms
35ms

Document
image/gif

34.247.205.196

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=emx&uid=4428542190750113826brt289211652974343931273f1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.205.196 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Thu, 19 May 2022 15:32:24 GMT
Expires: 0
Pragma: no-cache

Redirect headers

content-length: 0
content-type: text/html
date: Thu, 19 May 2022 15:32:23 GMT
location: https://usersync.gumgum.com/usersync?b=emx&uid=4428542190750113826brt289211652974343931273f1

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 921A
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YoZjCMCo8X4AAMKJrm4AAAAA

35 B
208 B

35ms
35ms

Document
image/gif

34.248.76.8

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YoZjCMCo8X4AAMKJrm4AAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Thu, 19 May 2022 15:32:25 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Thu, 19 May 2022 15:32:24 GMT
Location: https://rtb.gumgum.com/usersync?b=sus&i=YoZjCMCo8X4AAMKJrm4AAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 3
X-SO-Cluster-ID: 61
X-SO-HostName: m-ad89.dc4p.scaleout.jp
X-SO-IP: 185.213.155.162
X-SO-Key: YoZjCMCo8X4AAMKJrm4AAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":61,"gdpr":true,"ipv4":"0.0.0.0","key":"YoZjCMCo8X4AAMKJrm4AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad89"}
X-SO-LB-Hostname: m-tgng26.dc4p.scaleout.jp
X-SO-Upstream-ID: m-ad89

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 8383
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=MXU6CFn77sThbZKvmnVX&pi=gumgum&tc=1

35 B
208 B

72ms
36ms

Document
image/gif

34.248.76.8

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=MXU6CFn77sThbZKvmnVX&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Thu, 19 May 2022 15:32:24 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Thu, 19 May 2022 15:32:23 GMT Thu, 19 May 2022 15:32:23 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=MXU6CFn77sThbZKvmnVX&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 3A01
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

7ms
6ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 May 2022 15:32:23 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 19 May 2022 15:32:23 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H2 200 sync
ads.servenobid.com/ Frame 35E8 0
344 B 28ms
28ms Image
image/avif 52.18.151.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=9034727109210916018&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.151.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-151-34.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:24 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET smart
sync.adotmob.com/cookie/ Frame 35E8 0
0

GET
H2 204 /
s.ad.smaato.net/c/ Frame 35E8 0
239 B 36ms
8ms Image
text/plain 2600:9000:2057:1a00:1b:5138:8a40:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1a00:1b:5138:8a40:93a1 -, , ASN (),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:24 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
server: CloudFront
cache-control: no-cache, must-revalidate
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 8E5ClQVKyTBwar-uNcB7N93BD_NP77QB6ZpUfmuxsUFUKpSEuvoipg==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H/1.1 204
No Content /
b1sync.zemanta.com/usersync/smart/ Frame 35E8 0
64 B 260ms
83ms Image
text/plain 64.202.112.127

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1sync.zemanta.com/usersync/smart/?cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D116%26partneruserid%3D__ZUID__&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:24 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 35E8
Redirect Chain

https://pixel.quantserve.com/pixel/p-EtBqU4Lj3YbAv.gif?idmatch=0&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=firrAH4r4wRlKrIHcHr-BXkq5gVlLeIFfSDqfTNH

43 B
163 B

70ms
16ms

Image
image/gif

185.86.137.132

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=firrAH4r4wRlKrIHcHr-BXkq5gVlLeIFfSDqfTNH
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.137.132 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://rtb-csync.smartadserver.com/redir/?partnerid=80&&partneruserid=firrAH4r4wRlKrIHcHr-BXkq5gVlLeIFfSDqfTNH
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 3A01 32 KB
10 KB 8ms
7ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: f5c7dd74dcf677e5151bce045e5ebe6e61d0740b3c03f4a7828702ac65b5723f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Thu, 19 May 2022 15:32:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 May 2022 19:08:11 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=43395
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9500
Expires: Fri, 20 May 2022 03:35:38 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2949
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNENjhQWjctSi1FM1Ux

170 B
188 B

33ms
31ms

Image
image/png

142.251.36.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNENjhQWjctSi1FM1Ux

Protocol

Server

142.251.36.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

prg03s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDNENjhQWjctSi1FM1Ux
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 2949
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=e1WO5yj6TJiaqwKRCsS-oQ&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=e1WO5yj6TJiaqwKRCsS-oQ

43 B
556 B

35ms
35ms

Image
image/gif

52.95.115.255

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=e1WO5yj6TJiaqwKRCsS-oQ

Protocol

HTTP/1.1

Server

52.95.115.255 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: T3HQVDG4Y91YGRQKMZWZ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=e1WO5yj6TJiaqwKRCsS-oQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

502

uS1XrwdxNlmirCOxRdQ46A
pr-bh.ybp.yahoo.com/sync/rubicon/ Frame 2949
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/uS1XrwdxNlmirCOxRdQ46A?csrc=

0
0

34ms
31ms

Image
text/html

2a05:d018:d29:3601:cc00:50b5:a5a9:66b7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pr-bh.ybp.yahoo.com/sync/rubicon/uS1XrwdxNlmirCOxRdQ46A?csrc=
Protocol: H2
Server: 2a05:d018:d29:3601:cc00:50b5:a5a9:66b7 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

Location: https://pr-bh.ybp.yahoo.com/sync/rubicon/uS1XrwdxNlmirCOxRdQ46A?csrc=
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 2949 70 B
264 B 32ms
30ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 2949
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA-vxA33qiFyP7Msrr2d6O0&google_cver=1

0
239 B

10ms
9ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA-vxA33qiFyP7Msrr2d6O0&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 19 May 2022 15:32:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA-vxA33qiFyP7Msrr2d6O0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 2949 0
0 109ms
39ms Image
text/plain 35.244.174.68

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 2949
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3D68PZ7-J-E3U1&sigv=1&esig=2~7db51d16fcea296bf62361255bef3d0ccd2e8185

0
194 B

73ms
20ms

Image
text/plain

2a00:1288:80:807::1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3D68PZ7-J-E3U1&sigv=1&esig=2~7db51d16fcea296bf62361255bef3d0ccd2e8185

Protocol

Server

2a00:1288:80:807::1 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 15:32:24 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3D68PZ7-J-E3U1&sigv=1&esig=2~7db51d16fcea296bf62361255bef3d0ccd2e8185
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 2949
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3sfqawbURzKCM0ffXxHZCg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3sfqawbURzKCM0ffXxHZCg

43 B
556 B

105ms
105ms

Image
image/gif

209.54.177.54

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3sfqawbURzKCM0ffXxHZCg

Protocol

HTTP/1.1

Server

209.54.177.54 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: XQH5P1ZTM5T5SAD6DJ8Q
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3sfqawbURzKCM0ffXxHZCg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 3A01 0
239 B 8ms
7ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L3D68PZ7-J-E3U1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

POST
H/1.1 200
OK st Show response
capi-tier-1-us-east-2.connatix.com/tr/ Frame 5A63 0
315 B 107ms
107ms XHR
application/x-protobuf 3.18.237.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-1-us-east-2.connatix.com/tr/st?v=163173
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.18.237.195 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-237-195.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 19 May 2022 15:32:23 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7292 0
747 B 13ms
13ms Script
text/html 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 19 May 2022 15:32:24 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e0837835-6ec2-44dc-82bf-b4d419fe6382
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adotmob.com
URL: https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D66%26partneruserid%3D%7Bamob_user_id%7D&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

417 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

87 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 05:19:10	Name: sync Value: CgoIoQEQy6zL540wCgoIgQIQy6zL540wCgoIkQIQy6zL540wCgoI5gEQy6zL540wCgoIhwIQy6zL540wCgkICRDLrMvnjTAKCQg6EMusy-eNMAoJCAsQy6zL540wCgoIjAIQy6zL540wCgkIXxDLrMvnjTA=
.threatpost.com/	1970-01-20 03:09:36	Name: _cs_mk Value: 0.3646358988004579_1652974337538
.demdex.net/	1970-01-20 07:28:46	Name: demdex Value: 05541802692311294312005650498476980360
.threatpost.com/	1969-12-31 23:59:59	Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 11:55:10	Name: everest_g_v2 Value: g_surferid~YoZjAQAAALEWpANn
.dpm.demdex.net/	1970-01-20 07:28:46	Name: dpm Value: 05541802692311294312005650498476980360
.threatpost.com/	1970-01-20 03:11:00	Name: _gid Value: GA1.2.856756243.1652974338
.threatpost.com/	1970-01-20 03:09:34	Name: _gat_UA-35676203-21 Value: 1
.twitter.com/	1970-01-20 20:40:46	Name: personalization_id Value: "v1_lzVO0VA7o6Tu2PL3r5H9Hg=="
.t.co/	1970-01-20 20:40:46	Name: muc_ads Value: 903fd96c-987b-44ca-a476-a23d00c81a6e
.threatpost.com/	1970-01-20 20:42:12	Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19132%7CMCMID%7C07144512937268953731553571648394467026%7CMCAAMLH-1653579137%7C6%7CMCAAMB-1653579137%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1652981537s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19139%7CvVersion%7C4.4.0
.rubiconproject.com/	1970-01-20 11:55:10	Name: khaos Value: L3D68PZ7-J-E3U1
.rubiconproject.com/	1970-01-20 11:55:10	Name: audit Value: 1\|naVuGyos1qrdRYF4L++qyz5APvdogVCbaTd6KyMQnau0RTcz8e+19QCemmpNo85/b05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.serverbid.com/	1970-01-20 03:31:10	Name: CONSUMABLEID Value: 7f6a115ebf8c4d4baa115ebf8ccd4b6b
.quantserve.com/	1970-01-20 12:39:48	Name: mc Value: 62866302-2a18b-31253-51358
threatpost.com/	1970-01-20 03:52:46	Name: _pbjs_userid_consent_data Value: 6683316680106290
.threatpost.com/	1970-01-20 07:28:46	Name: _pubcid Value: 5edeaf1b-ba1b-4b09-8018-3988ffe3c012
.threatpost.com/	1970-01-20 12:34:03	Name: __qca Value: P0-811363546-1652974338152
prebid.a-mo.net/	1970-01-20 11:55:10	Name: __amc Value: 1_1652974338_1652974338
.openx.net/	1970-01-20 11:55:10	Name: i Value: 5edeaf1b-ba1b-4b09-8018-3988ffe3c012\|1652974338
.threatpost.com/	1970-01-20 03:09:34	Name: _gat_UA-63997723-2 Value: 1
threatpost.com/	1970-01-21 03:09:34	Name: CookieConsent Value: {stamp:229926106=='\|Cnecessary:true\|Cpreferences:true\|Cstatistics:true\|Cmarketing:true\|Cver:1\|Cutc:1882834892\|Cregion:'not_gdpr'}
threatpost.com/	1970-01-20 11:55:10	Name: usprivacy Value: 1---
.threatpost.com/	1970-01-20 05:19:10	Name: _gcl_au Value: 1.1.1053594478.1652974339
.threatpost.com/	1970-01-20 20:40:46	Name: _ga_YP1JLG57CH Value: GS1.1.1652974338.1.0.1652974338.0
.threatpost.com/	1970-01-20 20:40:46	Name: _ga Value: GA1.1.831842569.1652974338
.linkedin.com/	1970-01-20 03:52:46	Name: UserMatchHistory Value: AQLjS3wgLNUqhgAAAYDc8sMtzLD3gOTj7x1jBaDTeMH-PxTNDnx2glrfvbU4f8YnHnOR-T-CHFPtbw
.linkedin.com/	1970-01-20 03:52:46	Name: AnalyticsSyncHistory Value: AQIXa1FW1Va1KgAAAYDc8sMtEKm3fNyfr6nDrvNwO-zC7IhdrSXeSGFDD9WPrj7Ee1vzGd8kM3pVdL333LV45A
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 20:41:28	Name: bcookie Value: "v=2&25c3653c-b731-4638-8eb6-4cfa05897953"
.linkedin.com/	1970-01-20 03:11:00	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2674:u=1:x=1:i=1652974338:t=1653060738:v=2:sig=AQENK-NM-te9pF8a0hQkHb1QIXGYTxn7"
.threatpost.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 20:41:28	Name: bscookie Value: "v=1&20220519153219a1f62442-6d4c-4dd5-8505-9ab50ec26906AQFay-WUaC2IFvkjA-wX3W1exx9qOlSt"
.linkedin.com/	1970-01-20 20:30:47	Name: li_gc Value: MTswOzE2NTI5NzQzMzk7MjswMjGkpTwGPRUye3BzJc6X9N3XNaJCirF/cKR7SM/9OKaHQA==
.threatpost.com/	1970-01-20 12:31:10	Name: __gads Value: ID=08c70077808715af-2260c7e798cd00af:T=1652974338:S=ALNI_Mby-6_C-QmfUFgy4OTCiEQRceeLqw
.doubleclick.net/	1970-01-20 12:31:10	Name: IDE Value: AHWqTUkZbWgfWaTiXHBKAP_XRSM_45AABh3DMpkLiVhNIOVFhgYdJnQ_wrRe-rIr9W0
.casalemedia.com/	1970-01-20 11:55:10	Name: CMID Value: YoZjBB5Gz2Mr607LjzNzCQAA
.casalemedia.com/	1970-01-20 05:19:10	Name: CMPS Value: 3267
.casalemedia.com/	1970-01-20 05:19:10	Name: CMPRO Value: 1111
.doubleclick.net/	1970-01-20 03:09:37	Name: DSID Value: NO_DATA
.openx.net/	1970-01-20 03:31:10	Name: pd Value: v2\|1652974341\|gekin0vNiygu
.mathtag.com/	1970-01-20 12:35:29	Name: uuid Value: 69836286-6304-4200-a654-13da65e66f4a
.adform.net/	1970-01-20 03:54:12	Name: C Value: 1
.adnxs.com/	1970-01-20 05:19:10	Name: uuid2 Value: 4428542190750113826
.threatpost.com/	1970-01-20 12:31:10	Name: cto_bundle Value: L26HYF82Z3B3NiUyRlc1eVBpbEo4a1Y5Wm0xZDhmRDBSdndyNXhiVmR1Y1VpOGVaTDYySkdDTDJ1QVAxJTJCV1FDS3lPT3ROQTlHUmlXVk5LOUZBNXNadzhrUjhlcVRPSDclMkI5OWUwSHBad1NFekcxZTdaTDk5Q2ZYMDg0NWkzTkhRdGJUT3k1bQ
.threatpost.com/	1970-01-20 12:31:10	Name: cto_bidid Value: XpgEj19qenpmenlXMGh1aHZHeG9GQzV5N1RGRmN5dXFsaVZIYzFQeGRJRnkxb0JjS3NaM3AwdmhoSUp3dUpNSW9nTVIzSXdTOHZENGlXb0tjWFFQNlgyMGxRZyUzRCUzRA
.adform.net/	1970-01-20 04:35:58	Name: uid Value: 4740624511943531446
.3lift.com/	1970-01-20 05:19:10	Name: tluid Value: 994320522538818905947
.casalemedia.com/	1970-01-20 03:11:00	Name: CMST Value: YoZjBGKGYwcA
.advertising.com/	1970-01-20 11:56:36	Name: APID Value: UPe15e7214-d788-11ec-a421-068f2ada2e5e
.casalemedia.com/	1970-01-20 11:55:10	Name: CMRUM3 Value: 056286630705a0&406286630705a0&ce6286630705a0&27628663070b40&2e6286630705a0&e6628663072760&bc6286630705a00&f16286630705a0&2d6286630405a0CAESEEiaC_JQ2frrLxWEJ-s2-H0
.yahoo.com/	1970-01-20 11:55:31	Name: A3 Value: d=AQABBAdjhmICEFTYN2qPMfH68e3ZC34qAkQFEgEBAQG0h2KQYgAAAAAA_eMAAA&S=AQAAApQuUqfnn8-Tf7pj4hiZDdQ
.servenobid.com/	1970-01-20 03:19:39	Name: pid_312 Value: 4428542190750113826
.analytics.yahoo.com/	1970-01-20 11:55:10	Name: IDSYNC Value: 196n~24z3
.servenobid.com/	1970-01-20 03:19:39	Name: pid_333 Value: YoZjBB5Gz2Mr607LjzNzCQAABFcAAAAB
.rfihub.com/	1970-01-20 12:31:10	Name: rud Value: H4sIAAAAAAAAAOMSNjU0NjY2sjQ1MjQyNTQwNzExNRbiM9QNSo53C8woMsw2KnSW4jU0MzWyNDcxNjG2sDAHALKXoVE0AAAA
.rfihub.com/	1970-01-20 12:31:10	Name: eud Value: H4sIAAAAAAAAADslzmtoZmpkaW5ibGJsYWEOABYk7_YQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0NjY2sjQ1MjQyNTQwNzExNRbiM9QNSo53C8woMsw2KnQGAF6QyvQlAAAA
.lijit.com/	1970-01-20 11:55:10	Name: ljt_reader Value: EqtEqRZHv1CWWl6EQey_Zr-v
.gumgum.com/	1970-01-20 11:55:10	Name: vst Value: e_d950cf45-c81e-4d14-a7a4-e012b158c072
.servenobid.com/	1970-01-20 03:19:39	Name: pid_337 Value: y-QxUHxpJE2uHkaTGCjsXWXcOICgzYvO4T2VxxBoQ-~A
.a-mo.net/	1970-01-20 11:55:10	Name: amuid2 Value: 440bd644-5094-4cb1-80aa-73130f3c5a38
.prebid.a-mo.net/	1970-01-20 11:55:10	Name: sd_amuid2 Value: 440bd644-5094-4cb1-80aa-73130f3c5a38
.servenobid.com/	1970-01-20 03:19:39	Name: pid_324 Value: 5133329521251074453
.bidswitch.net/	1970-01-20 11:55:10	Name: tuuid Value: 4ba7c650-1e0f-4411-8e2f-ba7bf77b04bf
.bidswitch.net/	1970-01-20 11:55:10	Name: c Value: 1652974343
.bidswitch.net/	1970-01-20 11:55:10	Name: tuuid_lu Value: 1652974343
.servenobid.com/	1970-01-20 03:19:39	Name: pid_321 Value: OPTOUT
.lijit.com/	1970-01-20 11:55:10	Name: _ljtrtb_273657 Value: 273657
.emxdgt.com/	1970-01-20 03:52:46	Name: euid Value: 289211652974343931273f1
.servenobid.com/	1970-01-20 03:19:39	Name: pid_309 Value: e_d950cf45-c81e-4d14-a7a4-e012b158c072
.servenobid.com/	1970-01-20 03:19:39	Name: pid_327 Value: 440bd644-5094-4cb1-80aa-73130f3c5a38
.servenobid.com/	1970-01-20 03:19:39	Name: pid_310 Value: EqtEqRZHv1CWWl6EQey_Zr-v
.smartadserver.com/	1970-01-20 12:39:48	Name: pid Value: 9034727109210916018
.emxdgt.com/	1970-01-20 03:52:46	Name: eapn_id Value: 4428542190750113826
.creativecdn.com/	1970-01-20 11:55:10	Name: u Value: MXU6CFn77sThbZKvmnVX
.creativecdn.com/	1970-01-20 11:55:10	Name: ts Value: 1652974343
.quantserve.com/	1970-01-20 05:19:10	Name: d Value: EDcBEwGWJoqsMP3-kQA
.servenobid.com/	1970-01-20 03:19:39	Name: pid_317 Value: 9034727109210916018
.sportradarserving.com/	1970-01-20 11:55:10	Name: zuuid Value: a27a796e-9d3b-4a38-8de3-5487f708977d
.sportradarserving.com/	1970-01-20 11:55:10	Name: c Value: 1652974344
.sportradarserving.com/	1970-01-20 11:55:10	Name: zuuid_lu Value: 1652974344
.360yield.com/	1970-01-20 05:19:10	Name: tuuid Value: 89f917cc-dde4-449b-9d10-f4f57928626c
.360yield.com/	1970-01-20 05:19:10	Name: tuuid_lu Value: 1652974344
.sportradarserving.com/	1970-01-20 11:55:10	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 11:55:10	Name: zuuid_k_lu Value: 1652974344

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=994320522538818905947 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://pr-bh.ybp.yahoo.com/sync/triplelift/994320522538818905947?gdpr=1&gdpr_consent= Message: Failed to load resource: the server responded with a status of 502 ()
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://pr-bh.ybp.yahoo.com/sync/rubicon/uS1XrwdxNlmirCOxRdQ46A?csrc= Message: Failed to load resource: the server responded with a status of 502 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/malformed-url-prefix-phishing-attacks-spike-6000/164132/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

94694d7dfe1d753cb61d8d1ee7ab1d24.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
a.sportradarserving.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad4m.at
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
capi-tier-1-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.ampproject.org
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
creativecdn.com
cs.emxdgt.com
dpm.demdex.net
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
g2.gumgum.com
geo.ipify.org
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
imasdk.googleapis.com
img.connatix.com
ins.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
match.adsrvr.org
match.deepintent.com
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rules.quantcount.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
snap.licdn.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
x.serverbid.com
x.yieldlift.com
sync.adotmob.com
104.111.215.191
104.244.42.133
104.244.42.67
124.146.215.49
13.107.43.14
13.36.218.177
141.95.98.66
142.250.186.98
142.251.36.98
145.40.89.200
151.101.193.108
151.101.194.137
151.101.2.137
151.101.2.49
159.89.246.130
172.217.16.130
172.217.18.102
178.162.133.149
178.250.2.146
18.159.49.182
18.185.246.45
18.195.155.181
185.184.8.90
185.29.132.241
185.33.220.100
185.64.189.112
185.85.15.23
185.86.137.122
185.86.137.132
192.132.33.46
193.0.160.129
193.122.128.135
198.148.27.140
199.232.136.157
209.54.177.54
213.19.147.42
213.19.147.44
216.52.2.19
23.205.235.133
23.206.210.112
23.32.59.34
23.75.240.210
2600:9000:2057:1a00:1b:5138:8a40:93a1
2600:9000:2057:6400:2:9275:3d40:93a1
2600:9000:206f:da00:6:44e3:f8c0:93a1
2600:9000:214f:c400:0:5c46:4f40:93a1
2602:803:c003:200::61
2606:4700:20::681a:ad1
2606:4700:20::ac43:4bf1
2606:4700:3030::ac43:cf70
2606:4700::6812:372
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:21::14
2620:1ec:46::44
2a00:1288:80:807::1
2a00:1450:4001:802::2001
2a00:1450:4001:802::200e
2a00:1450:4001:803::2002
2a00:1450:4001:809::200a
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:828::2003
2a00:1450:4001:829::2006
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:831::2003
2a00:1450:400c:c06::9d
2a02:2638::1c
2a02:26f0:3500:16::215:14a0
2a05:d018:d29:3601:cc00:50b5:a5a9:66b7
3.121.250.45
3.126.56.137
3.18.237.195
34.241.55.221
34.247.205.196
34.248.76.8
34.249.126.234
34.98.64.218
35.157.236.110
35.157.246.167
35.157.93.81
35.173.160.135
35.244.174.68
37.157.2.237
38.91.45.7
46.105.202.126
51.89.9.252
52.18.151.34
52.210.138.219
52.223.40.198
52.31.67.18
52.51.122.227
52.95.115.255
54.159.94.231
54.226.216.14
54.236.74.72
54.81.207.173
64.140.160.2
64.202.112.127
65.9.63.123
65.9.66.173
66.155.71.149
67.202.105.23
69.173.144.139
69.173.144.165
69.192.160.199
69.192.160.245
70.42.32.191
72.251.249.13
76.223.111.18
99.86.7.95
0008046080d169551ea7110d182ceabcaebe8c8e3a0eda405d809580d24ba06b
0340e47a052358849c251cc81c5ba45672719b26527d3422c70fcc3336048124
0351eef55e48244d3adae2b701dc82e6696074e872889aa2b4587448a2339671
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
066fc3ce045361bba8240f583393178cdedced02f8d4bb917c2d3f0520032564
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0a2e01748ee79c6531172bb557d674888024e954cf08d8438310e08d24972ef1
0b6d64335ce4d54221edf2500663a9fca03081bfa7711e4dd4fa69b031255bd5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e662837b334f92da2bc3e9a7e365807c4ffe3977beaa87d2b94aeec4956b09c
0f01586ab1ad8c1dd226304cb96b08da97308247347865911da73bbbe90dabe2
1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
138fecc510e20ba15dad7fdbb18831cf9dd3b0c791d7ba31e11a412711f61ee1
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1bb584045b2dcfac0d456cc2f2fafb51e7538a1cadf025b20c350dc73617b4cc
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
222993cdf8e48181408c34eba8f3a4402d1b8cc978c018e21838606275d59df0
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
2762c6088c02311caab26761624e06702395069bcb2cd7dd7864fb0fa1c50d90
27e6e3335c696a746bd9a6af65d59507d9861ac0b9a48675a387256c27c1ca73
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bbfaded57d0e8461b1093cdf7d054ea70737cc246729db66f153d7f73c9522f
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2e9f9acb9fcd7462c27a0ae34a0270b1c59e8120302a11bbfbe607ca0359c7d1
30b37635a5c22e5edf4ed8e71b422183a8d682d975bba08a197b5f48227f8487
31cb9ddfefceef53f1de29fc79ec378b5b816eb60495eeb5476e02f379306116
324ec5e0c3d51fb0e8a612ec7e14c57f22f52f293fc0d10eac04f800d7b6d326
35710df3c9cf3ed611809bce437cce9674307cd6a1ae2027a0e3f30ec1008ddb
35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3d0b7814cbba56477f913825cd66f1a73cb692b4fc3ded86383529ed8d3eb279
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dcf83db83d5857d4a1065397e57ce872deaa98188cf855f2a7a712a5fa509b2
3e9eefb59277748bb91f68907a4ddbc3d5ff18307fb8af50285f925427145afd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
411a8ae4e9c823011e6f526f20d2b75f7df34203460c5af36470331dd3eda4bd
41b56530c0fd096b5fee847014b2c02531a999cb5a11a3aa82e578448ee06838
41c723ee718d6ebd761c45ec1764ba9f5d9408483af721b2218f79bca904d769
42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
4b2db620bb70ef284e58c422a683839bf83d63a39851053bf5d873438b3c70dd
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4de8cdc3d2f5f0f4de8ff6608042b226d50eb30c26fea8bd3fb6e41aa0a3efd4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
5232056dc8a22734e95ac2a205b7ccdec0416eba47e4234cb9113f1443a6d33c
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
562a8a15e1881723d0fa7826cbaf1ca561428ab33b7ef214b6894449e9a76a34
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5b810f32637529eef8bf7d84d7bad34822bec2550fa43eae243eaaa6a2f54a01
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057
5de89a6a87a2ad053db5b4f25a75dc7286b87ac559959e08f38dbc964fb0cd92
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
6071600aa19773525efd4442285dd47099627b02e78b66c993ba4fcef3a74a7d
61a4a83ec405dc0c1f5d350301d60240ac9023d53d43749ec1a86cf34d482306
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61dddc1203ed2ce7ca732ec6c56907ce208cf6397ee915561a4f984c9b05e4a7
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
65ac8994c1c17920b580a1d55d69bd021a3f35fba06c228f47733751a18d2a16
68c517dfcdaded08f308c9a19b2be3f967b7988e08ce0551cf974d3939b2b649
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d1dcc2ec20f1fcc4da721da7c0d3fdd5e26107bbe5712cef0482909d3573c8f
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
723318519bbf13a89e6092f0afb088abf00cc214a50f5f6dc221d9d816b6fa0f
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
7311e76d0df711b21ef501b880bf5c372883d7f635a020637403b830fc68fd39
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446
75362920484d3a761605cafe6487770e20074acbae9bbd4c64d4a65b51cbd583
756994e8daab53b509f15a2571c7098c51bebe044a8d420d184c035a9fd30ba6
774f2434b1fe7dd4390dc990faeac81493165957972002b126e0a4d14720a194
793c1fa20d428c9cc9f0af0179d9de217c124f5d19d31c6b36878ba793bbacd2
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681
7a407878faf9c03e40c9ff874c82cf89267b5ebb9a266b00ca42c9b7cc9b008e
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7f8e26c6e3747211b9e868590efacffe3e5fda8c33df14ea69aeb09b0270064c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
820da3cffc20ecb5e6415a9c8b9ad752d95f815cbd1bf91fa3b4a60b7f2db856
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0
8462fa9a2573c3706c5d7d25a5c1dd7c33fa1fbe4f61f71d9e0b824144ca33a7
84679c97a2a832dd7376e931ab630d1ada748daecb36380e2cc6157ac3a2b677
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
851913072ba36e6383ee40856fa3dea9ed4c5f03b4e3effb6a3841aab3840d26
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
90722426ba7a5ecf33f2834d120ba26f6a5fd310e562f4a6d4bfb800173305fd
91b7f480847d8b7abc803bf66cc1b9b08bb3c55ea6452a82f4f89f6420e5a754
925485cf72cfee85c7d4314f248c2266bfaab77169e02abd39b1c0498236ba0b
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
949ce08c8b86d6d986c1dd7043588e95515b6cd7f799575317d19705543d500c
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
9a7e2f2daef118825ab8bb58bc3cd9dbb3c83cb84772a08f6c5758d706fef173
9af5b83aa2ad1cb2666c5e3dfb7239193c9ce50e97735c594089d0b3646f3f90
a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1267fb5f954298273455537282a988283137c3ebeb9bef9f99d653a0a7ccd71
a177feb9ccff0a1fc19ec94c7c7e830e5821be2ee7f231288445ceb5cef27339
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ebbff0b8e1de7facb36bb3311077538972139ab8170815bc2a22eef5cd7a92
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c819177bac52f0a8144e0d76916ad0b9e957ffc078a8608196efe5e68f732e
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae64c4fccf5c2dec69bcfa480b61f7a4b38af9c9effe8de5a86bd000ea88c74b
b055f87d9167caed4508e672273490e0f87e46da0f0ed563f40c0b1ffb04e880
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b50a9534df0f5e370e75b66b431cf97bd2513a6470ef7dbe4dfad00470b19017
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6
b713c4d60db13b6748f0e57674ff4a364c1ee805223c52786c9ce2ea8d07a8fa
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bba6d3dc344806e96f1cd26e2ef0f8cd4915dbcf17b81ec92e07e2f4e929ba78
bc14e6a1c4bc1ec5812fdd9e39afd24de372ef4bfa195e754999309553a5ad3f
c209f49366106ec532e4626d9ec2b7f9e774a480fb5dd249d10b66ad256869f5
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c43dcf156cbf8999aad6ccc1e0d5b9b39a7675ccd02679daa1aca4503205773a
c51561f7d4e0a1cb65c516b1b8eed711f365e550bd7ef176b4bb46648f276379
c7414f8c05b9e18aab7e75a57e892004f4055aab16d56d794795f64041405429
c92ee2460b4063f46ccd0ad0e0a68d212c6b756c4a0ef3a7fdf0afe0989781b1
cb3ed48fe6e29dba4b3ed575ecd9622c4cf532cd804e4ca7670732196ef2dfa0
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d217d238f3f2648014fb12906dca5366954ffa6256d160726190d9e0e9c8376a
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
daf028afc101da7201cb211f9786b6a36f6bf60ad836dfe991306140efca2432
db18ed4dba4bf6c9e32205190da914f41205ec748f3449f4576fd85151f7ecab
dc8ae1c2826f713cc3dff20cde6078ba57bec99397f4d61dae38cd82b0f5b48c
dd48bbc4984f3f1fe65461de12627b04af07cb0d4a05e74738cc17a8d6939f31
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e00091305dc2ea169eb02f0d88a029a6a0c8fb03dd65055217a2125e55bb180c
e01af111d3c1bd301693897bf7772b4073a2ed1aa90740a5d0c3710a4f632e3a
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e31a152db5afe5794cdff25d67ae72d640c9cd07333604dd449c64e0dd3abde7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b2189a23d4a2d2342476bb7c25a5a989340d5118a99ccddecc65786a55ed17
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e41e8daa16281ffd29fd501798b3545ca0b061d07db73e4b87ad7a2bf2811a06
e486d9d1ff08d6f0279dd749acbbcb702c068f32644eb7564446c51c79e9f992
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eaa9eff7e17fe08d2ea3348b440d635c2e7691570614a9d2b49cbe965e17bd28
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a4d16aad94ac27eb35c9707b8a74b3c383baaccac7d80fbd2822830c52cc18
f27f21797eb8f26ca0fd7136119d27f44082ebd32eb95f1af44ca1e371cf511c
f31e16965d5cd6d28512cff4278fc376f04b11db51b180693b290cb915ab6def
f3a6eebc7ff1d31a74d14dab4f193fc686e3a98aa7ff28c02f3c354ef1edddc9
f46b5bc59570c71d0e2fedf570e2f818372c5abfaf6c9e44a8e649e581bcaa29
f5c7dd74dcf677e5151bce045e5ebe6e61d0740b3c03f4a7828702ac65b5723f
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fa34ff64c1412b8fca238da1a4b3b30a7f4ca91e59039857d14606c27425e62f

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

379 Requests

85 %HTTPS

28 %IPv6

79 Domains

131 Subdomains

95 IPs

8 Countries

5826 kBTransfer

13428 kBSize

87 Cookies

8 Outgoing links

Redirected requests

379 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

379
Requests

85 %
HTTPS

28 %
IPv6

79
Domains

131
Subdomains

95
IPs

8
Countries

5826 kB
Transfer

13428 kB
Size

87
Cookies

379 HTTP transactions
-3 data transactions