urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289  Public Scan

Go To Rescan Add Verdict Report
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Submission: On August 23 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 87 IPs in 11 countries across 75 domains to perform 326 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 329195.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2022. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 2001:8d8:100f... 8560 (IONOS-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:225... 16509 (AMAZON-02)
1 18.66.15.29 16509 (AMAZON-02)
5 92.123.38.97 16625 (AKAMAI-AS)
18 68.183.31.14 14061 (DIGITALOC...)
9 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
2 52.28.233.190 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 23.47.212.25 16625 (AKAMAI-AS)
4 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a04:fa87:fff... 2635 (AUTOMATTIC)
1 2 3.124.33.5 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 4 185.89.210.244 29990 (ASN-APPNEX)
2 178.250.2.146 44788 (ASN-CRITE...)
1 141.95.98.69 16276 (OVH)
4 15.197.193.217 16509 (AMAZON-02)
6 137.184.242.150 14061 (DIGITALOC...)
4 2602:803:c003... 26667 (RUBICONPR...)
4 52.57.79.170 16509 (AMAZON-02)
1 14 185.89.210.122 29990 (ASN-APPNEX)
4 185.64.189.112 62713 (AS-PUBMATIC)
4 34.107.148.139 15169 (GOOGLE)
4 185.86.139.58 201081 (SMARTADSE...)
4 69.166.1.14 27630 (AS-XFERNET)
4 216.52.2.30 30282 (AS-INAPCD...)
3 35.157.194.177 16509 (AMAZON-02)
8 35.244.159.8 15169 (GOOGLE)
2 52.28.203.152 16509 (AMAZON-02)
1 2 46.249.52.249 50673 (SERVERIUS-AS)
1 34.200.207.25 14618 (AMAZON-AES)
3 46.249.52.248 50673 (SERVERIUS-AS)
1 34.232.108.54 14618 (AMAZON-AES)
1 1 23.7.197.114 16625 (AKAMAI-AS)
4 92.123.9.160 16625 (AKAMAI-AS)
1 1 104.18.18.126 13335 (CLOUDFLAR...)
1 6 104.18.19.126 13335 (CLOUDFLAR...)
1 205.234.175.175 30081 (CACHENETW...)
1 51.89.9.253 16276 (OVH)
14 2606:4700:10:... 13335 (CLOUDFLAR...)
3 6 142.250.185.66 15169 (GOOGLE)
2 3 35.227.248.159 15169 (GOOGLE)
2 3 37.157.3.30 198622 (ADFORM)
1 2a04:4e42::300 54113 (FASTLY)
1 2600:1f16:e61... 16509 (AMAZON-02)
2 198.47.127.19 62713 (AS-PUBMATIC)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 2 34.250.101.124 16509 (AMAZON-02)
1 18.198.69.109 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
1 1 85.114.159.118 24961 (MYLOC-AS ...)
2 2 34.111.131.239 15169 (GOOGLE)
1 185.15.245.82 24961 (MYLOC-AS ...)
2 3 54.216.202.57 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
2 54.73.80.98 16509 (AMAZON-02)
1 157.90.211.246 24940 (HETZNER-AS)
1 1 92.123.37.164 16625 (AKAMAI-AS)
1 1 35.173.74.115 14618 (AMAZON-AES)
1 2 52.95.115.255 16509 (AMAZON-02)
4 7 52.46.130.91 16509 (AMAZON-02)
1 23.7.201.234 16625 (AKAMAI-AS)
1 1 176.34.72.130 16509 (AMAZON-02)
1 1 70.42.32.255 13789 (INTERNAP-...)
2 2 135.125.160.77 16276 (OVH)
1 1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 192.132.33.46 18568 (BIDTELLECT)
1 69.173.144.165 26667 (RUBICONPR...)
1 3 69.173.144.138 26667 (RUBICONPR...)
4 4 69.173.144.139 26667 (RUBICONPR...)
1 2a00:1288:f03... 10310 (YAHOO-1)
1 1 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 35.244.174.68 15169 (GOOGLE)
2 5.178.65.253 50673 (SERVERIUS-AS)
1 2a02:6ea0:cb0... 60068 (CDN77 ^_^)
2 18.66.97.88 16509 (AMAZON-02)
1 51.15.145.115 12876 (Online SAS)
21 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.98 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 3 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
4 151.101.193.108 54113 (FASTLY)
4 23.47.208.212 16625 (AKAMAI-AS)
6 104.17.120.107 13335 (CLOUDFLAR...)
1 67.202.105.22 32748 (STEADFAST)
1 1 3.122.84.82 16509 (AMAZON-02)
4 37.157.2.234 198622 (ADFORM)
2 2 52.57.150.184 16509 (AMAZON-02)
1 1 3.127.182.213 16509 (AMAZON-02)
2 18.156.32.70 16509 (AMAZON-02)
1 1 3.73.146.93 16509 (AMAZON-02)
6 23.47.209.169 16625 (AKAMAI-AS)
2 37.157.6.236 198622 (ADFORM)
12 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 84.200.5.215 44066 (DE-FIRSTC...)
1 1 213.202.235.8 24961 (MYLOC-AS ...)
1 3.69.216.1 16509 (AMAZON-02)
1 1 145.239.193.130 16276 (OVH)
1 88.198.250.30 24940 (HETZNER-AS)
2 2 92.123.17.141 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 3.234.101.191 ()
326 87
44    2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
securityaffairs.co
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2600:9000:225e:4600:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ws.sharethis.com
1    18.66.15.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-15-29.vie50.r.cloudfront.net
platform-api.sharethis.com
5    92.123.38.97 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-38-97.deploy.static.akamaitechnologies.com
contextual.media.net
18    68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
9    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    52.28.233.190 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-233-190.eu-central-1.compute.amazonaws.com
l.sharethis.com
1    2600:9000:223c:e400:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)
buttons-config.sharethis.com
1    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
google-analytics.com
2    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    23.47.212.25 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-212-25.deploy.static.akamaitechnologies.com
lg3.media.net
4    2606:4700:20::681a:744 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
1    2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)
secure.gravatar.com
2    3.124.33.5 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-33-5.eu-central-1.compute.amazonaws.com
aa.agkn.com
1    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
4    185.89.210.244 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
secure.adnxs.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    141.95.98.69 (France)

ASN16276 (OVH, FR)
PTR: ns3216534.ip-141-95-98.eu
id5-sync.com
4    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
6    137.184.242.150 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
4    2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
4    52.57.79.170 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-79-170.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
14    185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
4    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
4    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
4    185.86.139.58 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
4    69.166.1.14 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
4    216.52.2.30 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
3    35.157.194.177 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
8    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
pixfuture2-d.openx.net
u.openx.net
2    52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
2    46.249.52.249 (Amsterdam, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
1    34.200.207.25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-207-25.compute-1.amazonaws.com
a.audrte.com
3    46.249.52.248 (Amsterdam, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
u-ams02.e-planning.net
1    34.232.108.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-108-54.compute-1.amazonaws.com
ssp.disqus.com
1    23.7.197.114 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-7-197-114.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    92.123.9.160 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-9-160.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum.casalemedia.com
6    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
r.casalemedia.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
1    205.234.175.175 (United States)

ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net
i.e-planning.net
1    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
14    2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
6    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
cm.g.doubleclick.net
3    35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com
pixel.tapad.com
3    37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
c1.adform.net
1    2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2600:1f16:e61:3f01:ec47:44d4:778:a05a (Columbus, United States)

ASN16509 (AMAZON-02, US)
dmp.v.fwmrm.net
2    198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    2a05:d018:24:b001:c8ee:3b80:f7b4:fc56 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.tidaltv.com
2    34.250.101.124 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-101-124.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    18.198.69.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Rogeno, Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
1    85.114.159.118 (Waldshut-Tiengen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    34.111.131.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.131.111.34.bc.googleusercontent.com
idsync.frontend.weborama.fr
1    185.15.245.82 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dmp.theadex.com
3    54.216.202.57 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-202-57.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
2    54.73.80.98 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-80-98.eu-west-1.compute.amazonaws.com
beacon.krxd.net
1    157.90.211.246 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.246.211.90.157.clients.your-server.de
sync.richaudience.com
1    92.123.37.164 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-37-164.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    35.173.74.115 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-74-115.compute-1.amazonaws.com
usermatch.krxd.net
2    52.95.115.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
7    52.46.130.91 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    23.7.201.234 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-7-201-234.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    176.34.72.130 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-176-34-72-130.eu-west-1.compute.amazonaws.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
1    70.42.32.255 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
2    135.125.160.77 (France)

ASN16276 (OVH, FR)
PTR: ns3195934.ip-135-125-160.eu
gu.dyntrk.com
1    2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
casale-match.dotomi.com
1    192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com
bttrack.com
1    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel-eu.rubiconproject.com
3    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
4    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    2a00:1288:f03d:1fa::4000 (United Kingdom)

ASN10310 (YAHOO-1, US)
ads.yahoo.com
1    2a05:d018:d29:3605:9ff9:d907:aaf7:c9c8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
2    5.178.65.253 (Rijswijk, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net
s.e-planning.net
1    2a02:6ea0:cb00::2 (United Kingdom)

ASN60068 (CDN77 ^_^, GB)
vid.vidoomy.com
2    18.66.97.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-88.fra56.r.cloudfront.net
tags.crwdcntrl.net
1    51.15.145.115 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-15-145-115.rev.poneytelecom.eu
js.cookieless-data.com
21    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.com
3    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
partner.googleadservices.com
3    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.ru
3    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
9    2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
3    2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
4    151.101.193.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
4    23.47.208.212 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-208-212.deploy.static.akamaitechnologies.com
ads.pubmatic.com
6    104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)
biddr.brealtime.com
js.brealtime.com
1    67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
1    3.122.84.82 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-84-82.eu-central-1.compute.amazonaws.com
ghent-aws-fr.bidswitch.net
4    37.157.2.234 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
2    52.57.150.184 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-150-184.eu-central-1.compute.amazonaws.com
aws-fr-sync.bidswitch.net
1    3.127.182.213 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-182-213.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    18.156.32.70 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-32-70.eu-central-1.compute.amazonaws.com
e1.emxdgt.com
1    3.73.146.93 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-146-93.eu-central-1.compute.amazonaws.com
imp-euro.emxdgt.com
6    23.47.209.169 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-209-169.deploy.static.akamaitechnologies.com
z.moatads.com
px.moatads.com
2    37.157.6.236 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
12    2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)
ad4m.at
as.ad4m.at
assets.ad4m.at
1    84.200.5.215 (Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
private.vodafone-affiliate.de
1    213.202.235.8 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
m.exactag.com
1    3.69.216.1 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-216-1.eu-central-1.compute.amazonaws.com
vfd2dyn.vodafone.de
1    145.239.193.130 (France)

ASN16276 (OVH, FR)
pv.medialead.de
1    88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de
pb.media01.eu
2    92.123.17.141 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-17-141.deploy.static.akamaitechnologies.com
www.awin1.com
www.zenaps.com
1    2606:4700::6812:7e05 (United States)

ASN13335 (CLOUDFLARENET, US)
www.conrad.de
1    3.234.101.191 (None, )

ASN- ()
imp.emxdgt.com
Apex Domain
Subdomains		 Transfer
44 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 329195
1 MB
28 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 52506
cdn.pixfuture.com — Cisco Umbrella Rank: 63562
prebidserver.pixfuture.com — Cisco Umbrella Rank: 113191
551 KB
27 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 Failed
tpc.googlesyndication.com — Cisco Umbrella Rank: 159
586 KB
22 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 463
ib.adnxs.com — Cisco Umbrella Rank: 230
acdn.adnxs.com — Cisco Umbrella Rank: 604
83 KB
17 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 519
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1015
eus.rubiconproject.com — Cisco Umbrella Rank: 582
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2237
pixel.rubiconproject.com — Cisco Umbrella Rank: 327
token.rubiconproject.com — Cisco Umbrella Rank: 711
27 KB
14 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1891
mwzeom.zeotap.com — Cisco Umbrella Rank: 1478
4 KB
12 ad4m.at
ad4m.at — Cisco Umbrella Rank: 2302
as.ad4m.at — Cisco Umbrella Rank: 29608
assets.ad4m.at — Cisco Umbrella Rank: 38632
780 KB
11 wp.com
i0.wp.com — Cisco Umbrella Rank: 2991
stats.wp.com — Cisco Umbrella Rank: 2570
pixel.wp.com — Cisco Umbrella Rank: 2431
80 KB
11 media.net
contextual.media.net — Cisco Umbrella Rank: 537
lg3.media.net — Cisco Umbrella Rank: 3677
prebid.media.net — Cisco Umbrella Rank: 1269
37 KB
10 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 493
image6.pubmatic.com — Cisco Umbrella Rank: 634
ads.pubmatic.com — Cisco Umbrella Rank: 492
24 KB
9 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1260
s.amazon-adsystem.com — Cisco Umbrella Rank: 282
7 KB
9 adform.net
dmp.adform.net — Cisco Umbrella Rank: 5038
track.adform.net — Cisco Umbrella Rank: 4130
c1.adform.net — Cisco Umbrella Rank: 612
s1.adform.net — Cisco Umbrella Rank: 8434
37 KB
9 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 214
googleads.g.doubleclick.net — Cisco Umbrella Rank: 52
1 KB
8 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 5255
u-ams02.e-planning.net — Cisco Umbrella Rank: 85411
i.e-planning.net — Cisco Umbrella Rank: 7512
s.e-planning.net — Cisco Umbrella Rank: 7146
4 KB
8 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 71579
u.openx.net — Cisco Umbrella Rank: 705
1 KB
8 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2636
e1.emxdgt.com — Cisco Umbrella Rank: 1258
imp-euro.emxdgt.com — Cisco Umbrella Rank: 49426
imp.emxdgt.com
8 KB
7 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1324
r.casalemedia.com — Cisco Umbrella Rank: 778
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 525
dsum.casalemedia.com — Cisco Umbrella Rank: 1387
7 KB
6 moatads.com
z.moatads.com — Cisco Umbrella Rank: 423
px.moatads.com — Cisco Umbrella Rank: 469
103 KB
6 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2946
js.brealtime.com — Cisco Umbrella Rank: 4658
13 KB
6 google.com
adservice.google.com — Cisco Umbrella Rank: 88
www.google.com — Cisco Umbrella Rank: 9
3 KB
5 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 820
tags.crwdcntrl.net — Cisco Umbrella Rank: 1220
17 KB
5 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1019
cms.analytics.yahoo.com — Cisco Umbrella Rank: 796
ads.yahoo.com — Cisco Umbrella Rank: 2295
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 488
2 KB
5 sharethis.com
ws.sharethis.com — Cisco Umbrella Rank: 8483
platform-api.sharethis.com — Cisco Umbrella Rank: 4580
l.sharethis.com — Cisco Umbrella Rank: 4476
buttons-config.sharethis.com — Cisco Umbrella Rank: 5510
57 KB
4 bidswitch.net
ghent-aws-fr.bidswitch.net — Cisco Umbrella Rank: 10357
aws-fr-sync.bidswitch.net — Cisco Umbrella Rank: 30642
x.bidswitch.net — Cisco Umbrella Rank: 292
3 KB
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 654
3 KB
4 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1901
3 KB
4 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1497
1 KB
4 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 371
1 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 407
mug.criteo.com — Cisco Umbrella Rank: 2790
1 KB
3 google.ru
adservice.google.ru — Cisco Umbrella Rank: 39919
1 KB
3 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 882
1 KB
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 515
usermatch.krxd.net — Cisco Umbrella Rank: 1240
942 B
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 464
767 B
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1244
475 B
3 google-analytics.com
google-analytics.com — Cisco Umbrella Rank: 36
www.google-analytics.com — Cisco Umbrella Rank: 45
region1.google-analytics.com — Cisco Umbrella Rank: 3094
21 KB
2 dyntrk.com
gu.dyntrk.com — Cisco Umbrella Rank: 1307
850 B
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 25384
680 B
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 201
2 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1122
751 B
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 461
989 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
109 KB
1 conrad.de
www.conrad.de — Cisco Umbrella Rank: 83361
727 B
1 zenaps.com
www.zenaps.com — Cisco Umbrella Rank: 20337
696 B
1 awin1.com
www.awin1.com — Cisco Umbrella Rank: 15871
791 B
1 media01.eu
pb.media01.eu — Cisco Umbrella Rank: 46022
628 B
1 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 47242
639 B
1 vodafone.de
vfd2dyn.vodafone.de — Cisco Umbrella Rank: 74236
1 exactag.com
m.exactag.com — Cisco Umbrella Rank: 13068
1 KB
1 vodafone-affiliate.de
private.vodafone-affiliate.de — Cisco Umbrella Rank: 140390
760 B
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 7261
535 B
1 vidoomy.com
vid.vidoomy.com — Cisco Umbrella Rank: 5036
17 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 370
704 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 745
380 B
1 dotomi.com
casale-match.dotomi.com — Cisco Umbrella Rank: 2647
187 B
1 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 572
317 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 93873
214 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 486
145 B
1 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1005
770 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1918
361 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 20216
219 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1558
596 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 117032
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 7247
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 11716
411 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 707
161 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
1 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 2420
217 B
1 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2195
2 KB
1 33across.com
ssc.33across.com Failed
ssc-cms.33across.com — Cisco Umbrella Rank: 999
1 rlcdn.com
api.rlcdn.com Failed
id.rlcdn.com — Cisco Umbrella Rank: 592
98 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 508
625 B
1 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 1543
1 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 727
6 KB
0 everesttech.net Failed
sync-tm.everesttech.net Failed
0 googleapis.com Failed
fonts.googleapis.com Failed
326 75
Domain Requested by
44 securityaffairs.co securityaffairs.co
18 pagead2.googlesyndication.com cdn.pixfuture.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
18 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
pagead2.googlesyndication.com
14 ib.adnxs.com 1 redirects cdn.pixfuture.com
spl.zeotap.com
acdn.adnxs.com
11 mwzeom.zeotap.com ads.us.e-planning.net
spl.zeotap.com
9 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
9 i0.wp.com securityaffairs.co
7 s.amazon-adsystem.com 4 redirects ads.us.e-planning.net
r.casalemedia.com
eus.rubiconproject.com
6 assets.ad4m.at as.ad4m.at
6 cm.g.doubleclick.net 3 redirects spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
6 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
5 px.moatads.com
5 biddr.brealtime.com cdn.pixfuture.com
securityaffairs.co
5 contextual.media.net securityaffairs.co
cdn.pixfuture.com
4 ad4m.at s1.adform.net
ad4m.at
4 track.adform.net securityaffairs.co
s1.adform.net
4 u.openx.net cdn.pixfuture.com
4 ads.pubmatic.com cdn.pixfuture.com
4 acdn.adnxs.com cdn.pixfuture.com
4 token.rubiconproject.com 4 redirects
4 dsum-sec.casalemedia.com 1 redirects r.casalemedia.com
4 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
cdn.pixfuture.com
4 pixfuture2-d.openx.net cdn.pixfuture.com
4 ap.lijit.com cdn.pixfuture.com
4 apex.go.sonobi.com cdn.pixfuture.com
4 prg.smartadserver.com cdn.pixfuture.com
4 prebid.media.net cdn.pixfuture.com
4 hbopenbid.pubmatic.com cdn.pixfuture.com
4 hb.emxdgt.com cdn.pixfuture.com
4 fastlane.rubiconproject.com cdn.pixfuture.com
4 match.adsrvr.org cdn.pixfuture.com
spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
4 secure.adnxs.com 2 redirects
4 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
securityaffairs.co
3 www.google.com tpc.googlesyndication.com
3 googleads.g.doubleclick.net 3 redirects
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.ru pagead2.googlesyndication.com
3 partner.googleadservices.com pagead2.googlesyndication.com
3 pixel.rubiconproject.com 1 redirects eus.rubiconproject.com
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 pixel.tapad.com 2 redirects spl.zeotap.com
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 u-ams02.e-planning.net ads.us.e-planning.net
r.casalemedia.com
vid.vidoomy.com
3 btlr.sharethrough.com cdn.pixfuture.com
2 as.ad4m.at ad4m.at
as.ad4m.at
2 s1.adform.net ghent-aws-fr.bidswitch.net
s1.adform.net
2 e1.emxdgt.com securityaffairs.co
imp-euro.emxdgt.com
2 c1.adform.net 2 redirects
2 aws-fr-sync.bidswitch.net 2 redirects
2 tags.crwdcntrl.net s.e-planning.net
tags.crwdcntrl.net
2 s.e-planning.net ads.us.e-planning.net
2 gu.dyntrk.com 2 redirects
2 aax-eu.amazon-adsystem.com 1 redirects ads.us.e-planning.net
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 idsync.frontend.weborama.fr 2 redirects
2 dpm.demdex.net 2 redirects
2 sync.tidaltv.com 2 redirects
2 image6.pubmatic.com spl.zeotap.com
ads.pubmatic.com
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 c2shb.ssp.yahoo.com cdn.pixfuture.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 aa.agkn.com 1 redirects cdn.pixfuture.com
2 lg3.media.net securityaffairs.co
2 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
2 l.sharethis.com ws.sharethis.com
securityaffairs.co
1 imp.emxdgt.com
1 www.conrad.de as.ad4m.at
1 www.zenaps.com 1 redirects
1 www.awin1.com 1 redirects
1 pb.media01.eu as.ad4m.at
1 pv.medialead.de 1 redirects
1 vfd2dyn.vodafone.de as.ad4m.at
1 m.exactag.com 1 redirects
1 private.vodafone-affiliate.de 1 redirects
1 js.brealtime.com cdn.pixfuture.com
1 z.moatads.com cdn.pixfuture.com
1 imp-euro.emxdgt.com 1 redirects
1 x.bidswitch.net 1 redirects
1 ghent-aws-fr.bidswitch.net 1 redirects
1 ssc-cms.33across.com cdn.pixfuture.com
1 js.cookieless-data.com s.e-planning.net
1 vid.vidoomy.com ads.us.e-planning.net
1 id.rlcdn.com eus.rubiconproject.com
1 px.ads.linkedin.com eus.rubiconproject.com
1 pr-bh.ybp.yahoo.com 1 redirects
1 ads.yahoo.com eus.rubiconproject.com
1 pixel-eu.rubiconproject.com eus.rubiconproject.com
1 bttrack.com r.casalemedia.com
1 dsum.casalemedia.com r.casalemedia.com
1 casale-match.dotomi.com 1 redirects
1 b1sync.zemanta.com 1 redirects
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 tags.bluekai.com spl.zeotap.com
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 sync.richaudience.com spl.zeotap.com
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 dsp.adfarm1.adition.com 1 redirects
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 dmp.adform.net spl.zeotap.com
1 onetag-sys.com ads.us.e-planning.net
1 i.e-planning.net ads.us.e-planning.net
1 r.casalemedia.com ads.us.e-planning.net
1 ssum.casalemedia.com 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 ssp.disqus.com ads.us.e-planning.net
1 a.audrte.com ads.us.e-planning.net
1 id5-sync.com cdn.pixfuture.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google-analytics.com google-analytics.com
1 pixel.wp.com securityaffairs.co
1 secure.gravatar.com securityaffairs.co
1 google-analytics.com securityaffairs.co
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.co
1 platform-api.sharethis.com securityaffairs.co
1 ws.sharethis.com securityaffairs.co
1 maxcdn.bootstrapcdn.com securityaffairs.co
0 sync-tm.everesttech.net Failed spl.zeotap.com
0 ssc.33across.com Failed cdn.pixfuture.com
0 api.rlcdn.com Failed cdn.pixfuture.com
0 fonts.googleapis.com Failed securityaffairs.co
326 127
Subject Issuer Validity Valid
www.securityaffairs.co
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-24 -
2023-04-07		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
sharethis.com
Amazon		 2022-06-19 -
2023-07-18		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-03		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-11 -
2023-07-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.gravatar.com
Sectigo RSA Domain Validation Secure Server CA		 2020-08-14 -
2022-11-16		 2 years crt.sh
*.agkn.com
RapidSSL RSA CA 2018		 2020-07-25 -
2022-09-18		 2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-06-15 -
2022-09-18		 3 months crt.sh
*.id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.emxdgt.com
Amazon		 2022-06-02 -
2023-07-01		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-02 -
2023-01-25		 6 months crt.sh
ads.us.e-planning.net
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
*.audrte.com
Amazon		 2022-02-24 -
2023-03-24		 a year crt.sh
ssp.disqus.com
Amazon		 2021-12-20 -
2023-01-18		 a year crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-23 -
2023-02-03		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-08 -
2023-06-10		 a year crt.sh
*.tapad.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-13 -
2022-10-14		 a year crt.sh
dmp.theadex.com
R3		 2022-06-27 -
2022-09-25		 3 months crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-11 -
2023-03-10		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-21 -
2023-04-20		 a year crt.sh
*.e-planning.net
R3		 2022-07-25 -
2022-10-23		 3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.vidoomy.com
Sectigo RSA Domain Validation Secure Server CA		 2021-08-06 -
2022-09-05		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.cookieless-data.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-23 -
2023-03-22		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.google.com.ru
GTS CA 1C3		 2022-08-08 -
2022-10-31		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2021-11-27 -
2022-11-29		 a year crt.sh

This page contains 51 frames:

Primary Page: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Frame ID: B1C7857218BB4A8B9F8FB38BB65676BA
Requests: 153 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: F0039FB20F8463710C94D6D03259A6BC
Requests: 4 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Frame ID: 7352E5A4828F283D3642BEE90A35C92F
Requests: 11 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Frame ID: 8A363C07CF3FBF403DF5479D3F3A902D
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 65BDEB2C0590F4959585740CCDC61BEB
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 74DEDC621D4E11DB94E5ABCC4E3F907D
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&cmp=0
Frame ID: 50E7BDB60D0E8F82B27ACAC6411FBA97
Requests: 31 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Frame ID: C305E8D502A50CBEEA3AE1EC31E97CFC
Requests: 4 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: C75C6409691D2812B086E1D58AA5EFC8
Requests: 2 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=3ab023ac29ea5990&fi=1122cdfada7bf47f&uid=a6f37f0123013099a595be2217fc435a
Frame ID: 7A5D0283CC1EDA5E6314C3CF780A52DE
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AA6PiF2-OTdaFRH2
Frame ID: AD2911C1EFE1EBA7D61E53A18B017133
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 295F30764C6665593D6E293FF1877A75
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 2A1AE0FE39910AF96EB2F9C227009E4C
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 51B773F47C4CC23ECE4BCA8D57820B84
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 97599FAAC610CA67767025E03114EA13
Requests: 8 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 99D802798684CF869BBCA5F91F99C65D
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 4FDAFE775D05F0D4580CF4C00FC20CFF
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: B0D0E55C628ADEBE2635378DC4D77A53
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 36D3416F6FD4D316DAD1336DA11DE416
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6AACDE3D5A75D547CD154AB81CF7989B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 54D65296E57DB9B2DB0E3D55A9658D2A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4B0BA061C5CF90504D2980D2E8F36B6E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CCBE551FD634C32C48F4CFB2B4088C95
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8FDF9399CB1E47B10B119496952136BF
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 6BECF3ABA16C29542FCE3E5D772457E5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: A9B3A1AC3818AF0888C794417EBAF348
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 111800164DBA91A9C4AD50A17E04D273
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 255396AE0F2EBF503B43215FBB51C7B6
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 671F2A98474276803E360D037A3F4170
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: B192245C28CC7928753212399D02A1EA
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 1938AD3858BC58E05A63262F2C398552
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: F57646003DA468746505CC7B11567F84
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 887C84A28E98AD1C85299CF9F62CE251
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: D4BE17D846BECAFB4E3F2E486F61EBB2
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 43DB872E540DA670ABD6F6F9F96858C2
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 48AB2C38C5BC5D02E1BADACEE6600E01
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0CE351FA3419F6E6ADE66E32BF41BC13
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 393768A72D89BC0F8AE27510A1DB56C0
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 3157E60A48A304BC11E04642163C9267
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 3031540C495DB5AE7F160FF6D82F9F93
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 19A74695CCF1A001156AFFA52B67E0BB
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 58FBAC388723476C5F2299CCCECDD2B6
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 84AF49AE2EA793482599326DD4702F8A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 62D154047B0BBFC7447BD599A90D7EF7
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 9C549B287EC7EE9848E8763D7AD289DA
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 268326DA578FC68DD62331D09341F9F0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/320x50.png
Frame ID: F3E67E184750CE56E2FA5EE649AB9B4D
Requests: 1 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0;rtbdata=M9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Frame ID: 9CBFF99EF9C8B11E8761492DD2AAC8F1
Requests: 14 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/300x250.png
Frame ID: 850B02F8E4A21ED3E5E1FFFFE6F9B187
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 1C9A80C6074503B7B3976EE3BA400F2D
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Frame ID: BAF27951311A69CC72E9543A3AD702FA
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

European firm DSIRF behind the attacks with Subzero surveillance malwareSecurity Affairs

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • tracker\.js
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

326
Requests

86 %
HTTPS

25 %
IPv6

75
Domains

127
Subdomains

87
IPs

11
Countries

3949 kB
Transfer

6112 kB
Size

80
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 83
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 84
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=r0zAcHxRUFBCOEJHV0NFNWI4TUVvbmRLSUw0U1VuZ1dNeDV5a0hBdmtiWmNscjFvV2JVMUZzTkhsMURCeGhtNE8vRXFHaGZDajRDSFdmRjdob0FyZjMwSlZUMGE5UE5xdVpuVE90RjVXUmlqcGdMbjMzWVRRbnNDSU1KbWZGUWxSVHpiTUVPelN0ekdXK1dlcFdpSmtNSVMvR2Erb0tVZVRYc1FpUERZczR3WDlad1plZUFFSmx0aHhFdjNSdjlPSHByREcvMnQ5aGhVK29RVDRXaFJTQ1EydEhIeWhqSzN5UUFBcmZHU2k1TGJERXhFPXw&cppv=2
Request Chain 139
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 141
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D1122cdfada7bf47f%26uid%3D%24UID HTTP 302
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1122cdfada7bf47f&uid=7779825215707672497
Request Chain 143
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Request Chain 144
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D HTTP 302
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Request Chain 150
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=4415b4b3-bb77-4eb3-91b9-88b3940bd3c1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 156
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=465c6e62-b2b2-41ac-9851-19665f6e0631&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 157
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=657abbc5-c17d-4d8c-74f1-339b1274ef87&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=657abbc5-c17d-4d8c-74f1-339b1274ef87&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=39569792789410797180614719976620002799&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 159
  • https://bn01.er.bemail.it/zeotap.php?_bid=657abbc5-c17d-4d8c-74f1-339b1274ef87&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022082310-15991-0.713824001661242946-6a8ec3fe901478b5d9e8381aaa8e922c&zdid=533&env=mWeb
Request Chain 160
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7134870809663699093&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 162
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=657abbc5-c17d-4d8c-74f1-339b1274ef87&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=657abbc5-c17d-4d8c-74f1-339b1274ef87&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361&bounce=1&random=562087590 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=917u33a5AJjt62AnIQjA6u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 164
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=657abbc5-c17d-4d8c-74f1-339b1274ef87?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=657abbc5-c17d-4d8c-74f1-339b1274ef87?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 165
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-UKQzciRE2ooDiIkT_0J9vGHByhBzGSto0A--~A&zpartnerid=570&env=mWeb
Request Chain 166
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=lwS6x6TnrYpl3dfw4ANLBzQL3XqM1hb9%2BS41iYitP1U%3D
Request Chain 170
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=98066304-2733-4000-bf11-d38943c8bf93&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 171
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 172
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&dcc=t
Request Chain 173
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&dcc=t
Request Chain 175
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Request Chain 178
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB&dcc=t
Request Chain 181
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YwQnM2UlIhxPnAzDgoUIbAAA HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YwQnM2UlIhxPnAzDgoUIbAAA&google_tc= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGWJEvTLMtZuembPqPci4mo&google_cver=1&gdpr=1
Request Chain 182
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Request Chain 183
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Request Chain 184
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661302963&gdpr=1
Request Chain 189
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=uBRfswtSRL6NbuzTpCRbTA&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=uBRfswtSRL6NbuzTpCRbTA
Request Chain 190
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L75HG7F9-9-LNLQ&sigv=1&esig=2~14807bfde545df0a8e55a605f0c139e2d81df8ba
Request Chain 191
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKP0Pzmt4hZUKKC3WZ9L3-U&google_cver=1
Request Chain 192
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/8Qud58iiTOd2dL0J9OK_dw?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5092213599040779701
Request Chain 193
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L75HG7F9-9-LNLQ
Request Chain 195
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTBjZmI5MDE3MTE3MGU3Y2UzYmU5YjBkM2Q4NDM5NGI1NzEyZGY1OQ
Request Chain 220
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661216565&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661216565852&bpp=10&bdt=92&idt=74&shv=r20220818&mjsv=m202208160101&ptt=5&saldr=sa&correlator=5823018527274&frm=21&ife=1&pv=2&ga_vid=2030666481.1661216562&ga_sid=1661216566&ga_hid=618596873&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=553731815&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=491855753043038&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=4&bc=31&ifi=1&uci=1.o2ipbk8tn9o6&fsb=1&xpc=W4oSFELnWW&p=https%3A//securityaffairs.co&dtd=86 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 224
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661216565&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661216565879&bpp=13&bdt=57&idt=86&shv=r20220818&mjsv=m202208180101&ptt=5&saldr=sa&correlator=5823018527274&frm=21&ife=1&pv=1&ga_vid=2030666481.1661216562&ga_sid=1661216566&ga_hid=10863116&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=585449129&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31069050%2C44764001&oid=2&pvsid=1116817671410710&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.7at2rsrzf9iw&fsb=1&xpc=LrO2V7Mcft&p=https%3A//securityaffairs.co&dtd=99 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 228
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696132&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1661216565&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661216565902&bpp=16&bdt=66&idt=90&shv=r20220818&mjsv=m202208170101&ptt=5&saldr=sa&correlator=5823018527274&frm=21&ife=1&pv=1&ga_vid=2030666481.1661216562&ga_sid=1661216566&ga_hid=1273849955&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3184&biw=1600&bih=1200&isw=300&ish=250&ifk=1077730157&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31069049%2C44764001&oid=2&pvsid=419439792104956&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.5enf0sifjry6&btvi=1&fsb=1&xpc=ASXKkL5Ag5&p=https%3A//securityaffairs.co&dtd=101 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 285
  • https://ghent-aws-fr.bidswitch.net/imp/0.06960/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104562_Qrtbwp_R_I_WAUCTION__PRICE_X-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0_Qrtbdata_RM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK__XO0KT6NLigyuMOc5__7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9__LWT0lQkXAT8x0_Q_QOOBClickTrack_R_I_WCLICK__URL_AURLENCODE_X/MfEgK2xOHRQIn6hAI-z7WQGSmzF0PXmiPo6iUyXsTsdVjgUBfGGn06-rpN1ov7mEEGkkWwqjuJQRGpSjcf4kJqnLojM2PbyOODJOGPef5QDxX4LZCDGe3gnS368paodUaB55Jlh8glZOBphz3UCmfdxfaSS3oW8bgZUWd7j-8UN8-LaTwZn9UgmXsXR7UbH1KpmKgRqf9AD-0f9_-o0J-ts1l62tOZ825eGZzf-9SIPZ4zj1d4FPlvEjmlXpvK4_L7EX6DLhHO5uget2qWXEbDo88QdhL5MpobuqjoSYKG6bSCmkEYLRD3x8lRPBpYSyHrQmGDeIbaHB76LuTi8tqJCel9fc1S2Omy3IDiDWcKAY9Xcgy3_NlBc41FXOdMfxer_KiF8RR6olncFJ_2eUOlniBQI8mUwxAG_jeHvKfmI6VZyy37Xr00pEzKo1wZOZwR9J3deT7bMrsI2QNZHcQD-gZjqO5-mSSGGrQl02KpDaJBnn7LbA7FEaPfVKb7lVZXWBqTs8X9BPaZ4sU_Yen2E6GSbi9BPPgLl2YJyYK6nJ8gqQzLCafYNTQ7Hale6bUMGuMi7uNw0Urfw0s1vkcIWGsmuYF63hFoyQ9z84NlIEYRO44afCV8KcA80SJL7o8E2ClJuuUZJ0WOZabtnvNZYQUeBVuvICrxzG3OgFeM6ppPSptUCXqEGzjYvpOypAp595EJuejlTPfhHPMLUJRjzgozzuDEUAhmCtn33NW8P4tWwQmNHRXl_XOupobi3JVT_dNTx8FlLOBrK3xIzJobFgaq6dMmOv4AmU7LOLPWdGlnl0JsLqlsWK7dYoskWIEBq23bCKb6ZmyXa5wg8f7je9rLr_DEFf8NY5V7ddUoaDh_ZjDuMw0bT51drQbeOqdwHLEao_iCJUYnMqles2xzLyS--d5_Z3SH1BSWSkDhkPZEedZQdBKQQXgJk/$%7BCLICK_URL_ENC%7D HTTP 302
  • https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0;rtbdata=M9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Request Chain 286
  • https://aws-fr-sync.bidswitch.net/sync?ssp=emxdigital&dsp_id=70&imp=1 HTTP 302
  • https://aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=emxdigital&dsp_id=70&imp=1 HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=emxdigital HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=emxdigital HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=5811457281666223727&ssp=emxdigital HTTP 302
  • https://e1.emxdgt.com/put?d=d21&uid=ed9c7036-2a9a-4f52-9563-0ae1b4f690f6&gdpr=&gdpr_consent=
Request Chain 287
  • https://imp-euro.emxdgt.com/imp/?cp=0.06960&ts=1661216563&seat=70&w=728&h=90&pb=0.05568&sid=9508&tid=82818&pid=1323&uid=68411661216562783682f1&wid=21&dom=securityaffairs.co&tp=0.06960&mt=1&dt=2&st=1&os=&ip=81.95.5.37&sz=&country=DE&region=BY&city=Hof&zip=&dma=&agency_id=&cluster=euro-hb&browser=chrome&rf=securityaffairs.co&data_fee_type=&data_fee=0&clstr_nm=header-bidding-euro-4&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.5112.101%20Safari/537.36&make=&ifa=&adom=ad4m.at&cat=3&gdpr=1&crid=70_37104562&burlv2=aHR0cHMlM0ElMkYlMkZnaGVudC1hd3MtZnIuYmlkc3dpdGNoLm5ldCUyRndpbl9ub3RpY2UlMkZlbXhkaWdpdGFsX2JpZCUzRnJpZCUzRE1mRWdLMnhPSFJRSW42aEFJLXo3V1FHU216RjBQWG1pUG82aVV5WHNUc2RWamdVQmZHR24wNi1ycE4xb3Y3bUVFR2trV3dxanVKUVJHcFNqY2Y0a0pxbkxvak0yUGJ5T09ESk9HUGVmNVFEeFg0TFpDREdlM2duUzM2OHBhb2RVYUI1NUpsaDhnbFpPQnBoejNVQ21mZHhmYVNTM29XOGJnWlVXZDdqLThVTjgtTGFUd1puOVVnbVhzWFI3VWJIMUtwbUtnUnFmOUFELTBmOV8tbzBKLXRzMWw2MnRPWjgyNWVHWnpmLTlTSVBaNHpqMWQ0RlBsdkVqbWxYcHZLNF9MN0VYNkRMaEhPNXVnZXQycVdYRWJEbzg4UWRoTDVNcG9idXFqb1NZS0c2YlNDbWtFWUxSRDN4OGxSUEJwWVN5SHJRbUdEZUliYUhCNzZMdVRpOHRxSkNlbDlmYzFTMk9teTNJRGlEV2NLQVk5WGNneTNfTmxCYzQxRlhPZE1meGVyX0tpRjhSUjZvbG5jRkpfMmVVT2xuaUJRSThtVXd4QUdfamVIdktmbUk2Vlp5eTM3WHIwMHBFektvMXdaT1p3UjlKM2RlVDdiTXJzSTJRTlpIY1FELWdaanFPNS1tU1NHR3JRbDAyS3BEYUpCbm43TGJBN0ZFYVBmVktiN2xWWlhXQnFUczhYOUJQYVo0c1VfWWVuMkU2R1NiaTlCUFBnTGwyWUp5WUs2bko4Z3FRekxDYWZZTlRRN0hhbGU2YlVNR3VNaTd1TncwVXJmdzBzMXZrY0lXR3NtdVlGNjNoRm95UTl6ODRObElFWVJPNDRhZkNWOEtjQTgwU0pMN284RTJDbEp1dVVaSjBXT1phYnRudk5aWVFVZUJWdXZJQ3J4ekczT2dGZU02cHBQU3B0VUNYcUVHempZdnBPeXBBcDU5NUVKdWVqbFRQZmhIUE1MVUpSanpnb3p6dURFVUFobUN0bjMzTlc4UDR0V3dRbU5IUlhsX1hPdXBvYmkzSlZUX2ROVHg4RmxMT0JySzN4SXpKb2JGZ2FxNmRNbU92NEFtVTdMT0xQV2RHbG5sMEpzTHFsc1dLN2RZb3NrV0lFQnEyM2JDS2I2Wm15WGE1d2c4ZjdqZTlyTHJfREVGZjhOWTVWN2RkVW9hRGhfWmpEdU13MGJUNTFkclFiZU9xZHdITEVhb19pQ0pVWW5NcWxlczJ4ekx5Uy0tZDVfWjNTSDFCU1dTa0Roa1BaRWVkWlFkQktRUVhnSmslMjZwJTNEJTI0JTdCRU1YX0JVUkwlN0QlMjZhaWQlM0Q= HTTP 302
  • https://biddr.brealtime.com/check_gdpr.js
Request Chain 311
  • https://private.vodafone-affiliate.de/tpv.php?t=112510V1175122964M&cons=&subid=oneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://m.exactag.com/ai.aspx?extCa=707&extTcm=AffDisPer12218C|NonCpoNon|fq0gen&url=http://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082303024875218107569X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW HTTP 302
  • https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082303024875218107569X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW
Request Chain 314
  • https://pv.medialead.de/trck/epv/2aed39855b5f46b7d90f959867be60f8?t=htlp&subid=oneidj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9oneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9oneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&produktid=&dt_url=
Request Chain 317
  • https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.zenaps.com/cshow.php?pvr=4e58b220-227f-11ed-89c6-2237875fe73c&v=11354&r=412871&q=377129&s=2470185&viewref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&pv=1&gdpr=0&gdpr_consent= HTTP 302
  • https://www.conrad.de/ztpv.php?awc=11354_412871_1661216568_4e58b220-227f-11ed-89c6-2237875fe73c&insert=AW&&gdpr=0&gdpr_consent=

326 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request dsirf-behind-subzero-malware.html
securityaffairs.co/wordpress/133736/malware/ 		101 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1dbf1a750e300830f25da7f805b4d3d4a1e0d2fc9b479b298cbb7ac7a7d1cd36

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:39 GMT
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/133736>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=133736>; rel=shortlink
server
Apache
x-pingback
https://securityaffairs.co/wordpress/xmlrpc.php
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 		101 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Tue, 12 Jul 2022 21:45:23 GMT
server
Apache
accept-ranges
bytes
etag
"193c1-5e3a295f4b1f7"
content-length
103361
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073acf500"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d761a00"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"c22-5de9c4c5f3471"
content-length
3106
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		27 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"6a71-5de9c4c5f3471"
content-length
27249
content-type
text/css
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"23809-5e093c3f1132e"
content-length
145417
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
5248288
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
6c27480193430d6ea3ddfc5c9cf7f881
cf-ray
73efec9318199076-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 		19 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		539 B
683 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		17 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		334 B
478 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		110 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		18 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"4991-5e57184efbe91"
content-length
18833
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Thu, 04 Aug 2022 22:03:25 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5e57184c7d47c"
content-length
12591
content-type
text/css
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		282 KB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0de3c40"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073acf500"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"8583-5de9c4c5f53b0"
content-length
34179
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 		562 B
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e402b540"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/ 		49 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:4600:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 20 Aug 2022 03:54:09 GMT
content-encoding
gzip
vary
Accept-Encoding
age
248912
x-cache
Hit from cloudfront
content-length
12778
server
nginx/1.20.1
etag
W/"62bdf23a-c590"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 ba67e20db38657ee5cb05d05b3da9d70.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
FRA60-P4
x-robots-tag
noindex, nofollow
x-amz-cf-id
zaMCC7GQn0H9atIi46jl-Y8lr8xYPfqJQ5unw_hLUjpymh-CHa63WQ==
expires
Tue, 23 Aug 2022 03:54:09 GMT
sharethis.js
platform-api.sharethis.com/js/ 		190 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.15.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-15-29.vie50.r.cloudfront.net
Software
/
Resource Hash
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 00:58:34 GMT
content-encoding
gzip
vary
Accept-Encoding
age
247
etag
W/"2f749-jZtDoLQECLv0cAmOiJJ6B61Kdic"
x-frame-options
SAMEORIGIN
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 1c6954b6a2b349a78fb0daa669c3e984.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
VIE50-P1
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
bArVthbH_0EiD0u3AXxEacBg1mJAjKLoX8XiNu0wJM9PUXIvJaQr7A==
dmedianet.js
contextual.media.net/ 		368 B
556 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.38.97 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-38-97.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-mnt-h
22-rm2g
date
Tue, 23 Aug 2022 01:02:41 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
expires
Tue, 23 Aug 2022 01:07:41 GMT
cache-control
max-age=300
strict-transport-security
max-age=31536000
content-length
368
x-cache-hits
0
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/ 		973 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Thu, 25 Aug 2022 01:02:42 GMT
Subzero-malware-Fig1-Valid-digital-signature-from-DSIRF.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/07/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/07/Subzero-malware-Fig1-Valid-digital-signature-from-DSIRF.png?w=375&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
6c4bd366110b72757b6023d9749c0bca82568e79d29f95da657c1e4621e905ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jul 2022 11:20:47 GMT
server
nginx
etag
"42024e4a4f712454"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/07/Subzero-malware-Fig1-Valid-digital-signature-from-DSIRF.png>; rel="canonical"
content-length
29484
expires
Sat, 27 Jul 2024 23:20:47 GMT
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		32 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Wed, 25 May 2022 22:59:02 GMT
server
Apache
accept-ranges
bytes
etag
"7e90-5dfde04f437ff"
content-length
32400
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e60748e80"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		830 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
entrust.jpg
securityaffairs.co/wordpress/wp-content/uploads/2022/08/ 		102 KB
102 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/08/entrust.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
78a76283c052e7521a90068d1fd670ac68396a6210276f8285581622adf95b20

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Mon, 22 Aug 2022 08:21:20 GMT
server
Apache
accept-ranges
bytes
etag
"197fc-5e6d021f6d161"
content-length
104444
content-type
image/jpeg
US-Government-cybersecurity.jpg
securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/US-Government-cybersecurity.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c4ac725c395d8cef3ca43823fdbb4221641e26ec4ccb27020c809760c83653a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Wed, 16 Dec 2015 09:09:28 GMT
server
Apache
accept-ranges
bytes
etag
"9d71-5270043692200"
content-length
40305
content-type
image/jpeg
radioactivity-alert-network-RAR.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/07/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/07/radioactivity-alert-network-RAR.jpg?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
18bab6cb803a8316f2f422a84a0b2f24179d5407e42481dc1c816aa056727393
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jul 2022 08:37:37 GMT
server
nginx
etag
"fe7f19b624257f25"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/07/radioactivity-alert-network-RAR.jpg>; rel="canonical"
content-length
10574
expires
Sat, 27 Jul 2024 20:37:37 GMT
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5e57184ec6340"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 		365 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 20 Jul 2022 22:10:23 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5e443de11a895"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"7c3-5e093c3f23c09"
content-length
1987
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		987 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		17 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:41 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"45a7-5e57184efbe91"
content-length
17831
content-type
application/javascript
e-202234.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202234.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
br
server
nginx
etag
W/"62f6b688-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 13 Aug 2023 23:03:42 GMT
pview
l.sharethis.com/ 		0
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1661216562137.65405&hostname=securityaffairs.co&location=%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&title=European%20firm%20DSIRF%20behind%20the%20attacks%20with%20Subzero%20surveillance%20malwareSecurity%20Affairs&sop=false&description=Microsoft%20linked%20a%20private-sector%20offensive%20actor%20(PSOA)%20to%20attacks%20using%20multiple%20zero-day%20exploits%20for%20its%20Subzero%20malware.%20The%20Microsoft%20Threat%20Intelligence%20Center%20(MSTIC)%20and%20the%20Microsoft%20Security%20Response%20Center%20(MSRC)%20researchers%20linked%20a%20threat%20group%20known%20as%20Knotweed%20to%20an%20Austrian%20surveillance%20firm%20named%20DSIRF%2C%20known%20for%20using%20multiple%20Windows%20and%20Adobe%20zero-day%20exploits.%20The%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.233.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-233-190.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:42 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/ 		30 B
443 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:e400:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 367a4718be97a49df7ac0500a986437a.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
etag
"e6e1643313740711175f51662a65b42f"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
30
x-amz-cf-id
SjYdftl-bAEm3HqIEBB42sDW6EYx_CpyZQgPISFJjrE7toJRskq1ng==
analytics.js
google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
6968
date
Mon, 22 Aug 2022 23:06:34 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 23 Aug 2022 01:06:34 GMT
gtm.js
www.googletagmanager.com/ 		96 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1c3b03e5926994e506da800bf0eb0258ef86249a50101ddcfa55b012fc297d14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37910
x-xss-protection
0
last-modified
Tue, 23 Aug 2022 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 23 Aug 2022 01:02:42 GMT
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.212.25 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-212-25.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Tue, 23 Aug 2022 01:02:42 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=47748
Connection
keep-alive
Content-Length
15
hb_v2.js
cdn.pixfuture.com/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
cf-cache-status
HIT
last-modified
Wed, 10 Aug 2022 15:56:37 GMT
server
cloudflare
age
32747
etag
W/"62f3d535-84bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OAb6H%2BJ7%2F%2F5rD%2FQH%2BcoogEiyGqJXoB7s5u6djeBqxSBJTIg%2FnJczSc%2BPRL%2BWtHt8jtbiVOyvVcvWUbAu75IQ0KZSxLFU5HaIsE9nYWi8qD3sGONhtFXg1s4MoxwtSUt1EI2UQN5%2FTF6pHmKWCaMP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Wed, 24 Aug 2022 15:56:50 GMT
cache-control
public, max-age=172800, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
73efec99ab929a12-FRA
cf-bgj
minify
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Aug 2022 01:02:42 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Tue, 23 Aug 2022 01:07:42 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Wed, 22 Jun 2022 21:28:00 GMT
server
nginx
etag
"89e5fea0740da8de"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Sat, 22 Jun 2024 09:28:00 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1661216562137.65405&hostname=securityaffairs.co&location=%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&title=European%20firm%20DSIRF%20behind%20the%20attacks%20with%20Subzero%20surveillance%20malwareSecurity%20Affairs&sop=false&description=Microsoft%20linked%20a%20private-sector%20offensive%20actor%20(PSOA)%20to%20attacks%20using%20multiple%20zero-day%20exploits%20for%20its%20Subzero%20malware.%20The%20Microsoft%20Threat%20Intelligence%20Center%20(MSTIC)%20and%20the%20Microsoft%20Security%20Response%20Center%20(MSRC)%20researchers%20linked%20a%20threat%20group%20known%20as%20Knotweed%20to%20an%20Austrian%20surveillance%20firm%20named%20DSIRF%2C%20known%20for%20using%20multiple%20Windows%20and%20Adobe%20zero-day%20exploits.%20The%20%5B%E2%80%A6%5D&description=Microsoft%20linked%20a%20private-sector%20offensive%20actor%20(PSOA)%20to%20attacks%20using%20multiple%20zero-day%20exploits%20for%20its%20Subzero%20malware.%20The%20Microsoft%20Threat%20Intelligence%20Center%20(MSTIC)%20and%20the%20Microsoft%20Security%20Response%20Center%20(MSRC)%20researchers%20linked%20a%20threat%20group%20known%20as%20Knotweed%20to%20an%20Austrian%20surveillance%20firm%20named%20DSIRF%2C%20known%20for%20using%20multiple%20Windows%20and%20Adobe%20zero-day%20exploits.%20The%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.233.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-233-190.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:42 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A11.2&blog=29506073&post=133736&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=0&rand=0.40781743463348663
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
pbix.js
cdn.pixfuture.com/ 		401 KB
402 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133850
cf-polished
origSize=410578
cf-bgj
minify
last-modified
Wed, 18 May 2022 15:53:44 GMT
server
cloudflare
etag
W/"62851688-643d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCBdom%2BhOPe9FCECuuLHFrO6EuPXem3uGDLnKwtJh8fLVKZytBzv1prRaBqQmmAm4YLmdDwrmNjGi4l2jbH29S0RtHndIkcAa%2FLTvN8TapPmU1iWa1XxFba%2FKJheUe3YEbbP3ULZp6exje%2F6OfDD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=172800, no-transform
cf-ray
73efec9a5bf69a12-FRA
expires
Tue, 23 Aug 2022 11:51:27 GMT
r.js
aa.agkn.com/adscores/ 		0
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.33.5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-33-5.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=iso-8859-1
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=european,firm,dsirf,behind,attacks,subzero,surveillance,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
35997cd3caa22192f92391515f9e0f5e517a30ccc1e9c60c1ef4758ace6fce87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:42 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=european,firm,dsirf,behind,attacks,subzero,surveillance,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ce6957a819011ecc4e63652b3a92ccde4a3f15d2149136c18d7fbb4a48434550

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:42 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=european,firm,dsirf,behind,attacks,subzero,surveillance,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ce6957a819011ecc4e63652b3a92ccde4a3f15d2149136c18d7fbb4a48434550

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:42 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=european,firm,dsirf,behind,attacks,subzero,surveillance,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ab666175aef84b70aaad5fa6cc4ea1b6879a8dad8576f11667206ecf885a5262

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:42 GMT
collect
www.google-analytics.com/j/ 		2 B
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=273154817&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&ul=en-us&de=UTF-8&dt=European%20firm%20DSIRF%20behind%20the%20attacks%20with%20Subzero%20surveillance%20malwareSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=68233959&gjid=1662612206&cid=2030666481.1661216562&tid=UA-59069958-1&_gid=1776779863.1661216562&_r=1&_slc=1&z=2095765770
Requested by
Host: google-analytics.com
URL: https://google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		199 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
93a8cf4884da5c8a1de74f632e86d62d54ac1be48cd6df10a937e9e0f8e905dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
72747
x-xss-protection
0
expires
Tue, 23 Aug 2022 01:02:42 GMT
collect
region1.google-analytics.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe8m0&_p=273154817&cid=2030666481.1661216562&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1661216562&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&dt=European%20firm%20DSIRF%20behind%20the%20attacks%20with%20Subzero%20surveillance%20malwareSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.47.212.25 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-212-25.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Tue, 23 Aug 2022 01:02:42 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=47748
Connection
keep-alive
Content-Length
15
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 23 Aug 2022 01:02:42 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1217
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1011 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
60194536-0a14-4c01-bed5-75ecd1b5eb2a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
ef80f944-03d9-4b2b-b0c5-10bf23d84d1f
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1011 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
7f758cd1-e842-4fc5-995c-c8813f1511a5
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
36561568-6a53-49f5-b5fa-5f281e7b0852
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=r0zAcHxRUFBCOEJHV0NFNWI4TUVvbmRLSUw0U1VuZ1dNeDV5a0hBdmtiWmNscjFvV2JVMUZzTkhsMURCeGhtNE8vRXFHaGZDajRDSFdmRjdob0FyZjMwSlZUMGE5UE5xdVpuVE90RjVXUmlqcGdMbjMzWVRRbnNDSU1KbW...
347 B
617 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=r0zAcHxRUFBCOEJHV0NFNWI4TUVvbmRLSUw0U1VuZ1dNeDV5a0hBdmtiWmNscjFvV2JVMUZzTkhsMURCeGhtNE8vRXFHaGZDajRDSFdmRjdob0FyZjMwSlZUMGE5UE5xdVpuVE90RjVXUmlqcGdMbjMzWVRRbnNDSU1KbWZGUWxSVHpiTUVPelN0ekdXK1dlcFdpSmtNSVMvR2Erb0tVZVRYc1FpUERZczR3WDlad1plZUFFSmx0aHhFdjNSdjlPSHByREcvMnQ5aGhVK29RVDRXaFJTQ1EydEhIeWhqSzN5UUFBcmZHU2k1TGJERXhFPXw&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
76b100bc7a91aa3f8b9740d92ca82af21c52daed2ddd9cf3659bfee0c193b1eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2945
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
location
https://mug.criteo.com/sid?cpp=r0zAcHxRUFBCOEJHV0NFNWI4TUVvbmRLSUw0U1VuZ1dNeDV5a0hBdmtiWmNscjFvV2JVMUZzTkhsMURCeGhtNE8vRXFHaGZDajRDSFdmRjdob0FyZjMwSlZUMGE5UE5xdVpuVE90RjVXUmlqcGdMbjMzWVRRbnNDSU1KbWZGUWxSVHpiTUVPelN0ekdXK1dlcFdpSmtNSVMvR2Erb0tVZVRYc1FpUERZczR3WDlad1plZUFFSmx0aHhFdjNSdjlPSHByREcvMnQ5aGhVK29RVDRXaFJTQ1EydEhIeWhqSzN5UUFBcmZHU2k1TGJERXhFPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1479
content-length
482
expires
0
529.json
id5-sync.com/g/v2/ 		213 B
625 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.69 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216534.ip-141-95-98.eu
Software
/
Resource Hash
71be00d8bb9f7eb68c8d091780ce24b914e5b439a216d40340f7f730ac739a3e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:41 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		63 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
e36d1b915da74311b07e823ef1fb5042554cfa7b3e42d0aabaf3e2af1e195298

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Thu, 22 Sep 2022 01:02:42 GMT
cookie_sync
prebidserver.pixfuture.com/ 		281 B
598 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
281
expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
2353720088a332b63b77eba41fde88c9896e55bbe73c06283d4b0e6cd47a7f38

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
153
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=7a574ece-ade3-47ac-ac44-7cdfc62fe083&l_pb_bid_id=4957daee0e987d&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8466336918234934
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
28670e1e4ce70b354f7433130f6b505fcae5329dfce85a08d44e170de64783f2

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
hb.emxdgt.com/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661216562747&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.79.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-79-170.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
prebid
ib.adnxs.com/ut/v3/ 		19 B
861 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
42a16d5a-924e-4c73-a755-3dd29fa3076a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
prebid.media.net/rtb/ 		1 KB
915 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e087b94795fc057d189e4f0a024594d45586752b7d32c4aab0750b083a8843a3

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
trinity.json
apex.go.sonobi.com/ 		95 B
847 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2216334735cd1f05f%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&s=43ced275-7710-4d4a-8aee-fb2a264f4752&pv=d8e33f8c-3de7-41bf-8991-a2bd0cefd085&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=european%2Cfirm%2Cdsirf%2Cbehind%2Cattacks%2Csubzero%2Csurveillance%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
115e1f8fa4a1fc831d1ac9780657852c7d1a9f73ea9dc2c8122926f6524fa657
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-29
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		24 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
b723228fb61c104c9c0038570c74403c8f435269502e43c4fffeb8b4c63de1e1

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
pod
X-Sovrn-Pod: ad_ap6ams1
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
24
v1
btlr.sharethrough.com/universal/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.194.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hb
ssc.33across.com/api/v1/ 		0
0
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7a574ece-ade3-47ac-ac44-7cdfc62fe083&nocache=1661216562756&id5id=0&pubcid=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWV1cm9wZWFuLGZpcm0sZHNpcmYsYmVoaW5kLGF0dGFja3Msc3ViemVybyxzdXJ2ZWlsbGFuY2UsbWFsd2FyZXNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXVyb3BlYW4sZmlybSxkc2lyZixiZWhpbmQsYXR0YWNrcyxzdWJ6ZXJvLHN1cnZlaWxsYW5jZSxtYWx3YXJlc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
cc1599a104cfe5f19fbd56f2dc73b4570a97acbea0b9521a5e7dc89a39c5d6d0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
8e45beb02e31d880817d7d27c126ae92c7c56ab84615c9f9277ee56b9d3128aa

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
153
expires
0
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		283 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=9c33bd42-f286-482d-8d9f-89a99da6ba11&l_pb_bid_id=31b9cea3087b118&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9587206126761527
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
4c0288102f5b97dce4d066f0de73765677a05ec9ccf28dcfbe481b087b5e2c7e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
/
hb.emxdgt.com/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661216562762&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.79.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-79-170.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
01ae52edde002949eea644b646f484b13d151a8a9416afaa678b112b3b47a80e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
content-length
7045
content-type
application/json
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
f6c04b0274fe3b9afaf6a834aba6585d4b5c8f197831183cf2acdff796dfb0d9

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
bid
ap.lijit.com/rtb/ 		24 B
655 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
a555d376b8e93adce928f60b413685a95fbb16b195147960ba97fe9f99c17f53

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
pod
X-Sovrn-Pod: ad_ap6ams1
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
24
hb
ssc.33across.com/api/v1/ 		0
0
trinity.json
apex.go.sonobi.com/ 		30 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22431d42355238718%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&s=01a4626a-3ec0-496e-aaa2-0c65bc531813&pv=d8e33f8c-3de7-41bf-8991-a2bd0cefd085&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=european%2Cfirm%2Cdsirf%2Cbehind%2Cattacks%2Csubzero%2Csurveillance%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-60
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
30
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
774 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
54e2d0f9b05ccacea68c9b4f158aeaa51e0158205575d4e3d9c423c58f3d29fc

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=9c33bd42-f286-482d-8d9f-89a99da6ba11&nocache=1661216562764&id5id=0&pubcid=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWV1cm9wZWFuLGZpcm0sZHNpcmYsYmVoaW5kLGF0dGFja3Msc3ViemVybyxzdXJ2ZWlsbGFuY2UsbWFsd2FyZXNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXVyb3BlYW4sZmlybSxkc2lyZixiZWhpbmQsYXR0YWNrcyxzdWJ6ZXJvLHN1cnZlaWxsYW5jZSxtYWx3YXJlc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
dd8b6ed7e8427914194b1ec8b82b2a789721149a5cfaea15fc9b3f4dc09a9198

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
861 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
af8a7959-4922-4759-b361-8d42ac3c5469
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=r0zAcHxRUFBCOEJHV0NFNWI4TUVvbmRLSUw0U1VuZ1dNeDV5a0hBdmtiWmNscjFvV2JVMUZzTkhsMURCeGhtNE8vRXFHaGZDajRDSFdmRjdob0FyZjMwSlZUMGE5UE5xdVpuVE90RjVXUmlqcGdMbjMzWVRRbnNDSU1KbWZGUWxSVHpiTUVPelN0ekdXK1dlcFdpSmtNSVMvR2Erb0tVZVRYc1FpUERZczR3WDlad1plZUFFSmx0aHhFdjNSdjlPSHByREcvMnQ5aGhVK29RVDRXaFJTQ1EydEhIeWhqSzN5UUFBcmZHU2k1TGJERXhFPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Tue, 23 Aug 2022 01:02:42 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1149
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a23329b767b748b1e61022539d5179f9c9c70c56e1cc378cddc41c57cf64c08b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
153
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=0d7c077f-81d0-4322-bcb4-360b1720de53&l_pb_bid_id=5453956c62b5d9c&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8984229315854093
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1063bee0008a93ea8babdc11081152953bc1830049eff6ff7ca98c2682b508ef

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
trinity.json
apex.go.sonobi.com/ 		30 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%225664cfa2488023a%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&s=98a115c6-9cc4-465b-aaf4-c80861edcecf&pv=d8e33f8c-3de7-41bf-8991-a2bd0cefd085&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=european%2Cfirm%2Cdsirf%2Cbehind%2Cattacks%2Csubzero%2Csurveillance%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-60
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
30
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=0d7c077f-81d0-4322-bcb4-360b1720de53&nocache=1661216562825&id5id=0&pubcid=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWV1cm9wZWFuLGZpcm0sZHNpcmYsYmVoaW5kLGF0dGFja3Msc3ViemVybyxzdXJ2ZWlsbGFuY2UsbWFsd2FyZXNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXVyb3BlYW4sZmlybSxkc2lyZixiZWhpbmQsYXR0YWNrcyxzdWJ6ZXJvLHN1cnZlaWxsYW5jZSxtYWx3YXJlc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
521b009c22f71b3c9e6010779a783f6e7b493cd987a316a202bbd4787da7e491

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
775 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
823a363cf39047e9cd6ae2ca8164185c5d70016958afd6cc1e424b8047fcc0a4

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
bid
ap.lijit.com/rtb/ 		23 B
654 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
1d102b1ba499ea892a728bd28a23eaecb292b5700cd3f42ace831571977469cc

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
pod
X-Sovrn-Pod: ad_ap6ams1
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
23
v1
btlr.sharethrough.com/universal/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.194.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hb
ssc.33across.com/api/v1/ 		0
0
prebid
ib.adnxs.com/ut/v3/ 		19 B
861 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
8e11675f-c030-4cdd-be97-e001b874f75b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
hb.emxdgt.com/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661216562829&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.79.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-79-170.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
53c4012d69fd3f16064f76ad2908cbb1e5c5643308c76ae5b12a67c33df95694

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
153
expires
0
prebid
prebid.media.net/rtb/ 		1 KB
776 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9fe5a3055dac69f217de91ce3a40c07006b298297afefd0fd55d524ccb91ace2

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
v1
btlr.sharethrough.com/universal/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.194.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
be6fba2cfddd59fbb0e7d828866ff32569c2d9c09ea13f9f4e887772b6081b07

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a4e19278-c454-465a-9d95-998b67581eb6&nocache=1661216562837&id5id=0&pubcid=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPWV1cm9wZWFuLGZpcm0sZHNpcmYsYmVoaW5kLGF0dGFja3Msc3ViemVybyxzdXJ2ZWlsbGFuY2UsbWFsd2FyZXNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXVyb3BlYW4sZmlybSxkc2lyZixiZWhpbmQsYXR0YWNrcyxzdWJ6ZXJvLHN1cnZlaWxsYW5jZSxtYWx3YXJlc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
c7c20b92518892021ccf818b022d83228d3b731ebb6a58aff988c0c0fba9bcf3

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		25 B
656 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
f326204657b27672122e93b8ae7b6e1eecad138b6c7c07a2733345faaaae3d8d

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
pod
X-Sovrn-Pod: ad_ap6ams1
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
25
/
hb.emxdgt.com/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661216562837&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.79.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-79-170.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:42 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.58 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
743 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=a4e19278-c454-465a-9d95-998b67581eb6&l_pb_bid_id=9619ca8b0ce0f13&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.41851490626892307
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
312aa3314b7efba327e66690f36d2d278a8c220106f3a468b9f0fca2d4246dec

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
861 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:42 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
77dedc26-6f5d-4da1-b3e1-2352a1488c55
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trinity.json
apex.go.sonobi.com/ 		30 B
618 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2210030758c57962ea%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&s=71265bf3-a00e-4f88-a051-e8d90b721a5b&pv=d8e33f8c-3de7-41bf-8991-a2bd0cefd085&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%229afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=european%2Cfirm%2Cdsirf%2Cbehind%2Cattacks%2Csubzero%2Csurveillance%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-33
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
30
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
hb
ssc.33across.com/api/v1/ 		0
0
/
ads.us.e-planning.net/uspd/1/ Frame F003
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
373e5b81dbd8b457432edbcdb69e225751c79417f43f70f2cce60b66d353e084

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Tue, 23 Aug 2022 01:02:43 GMT
expires
Tue, 23 Aug 2022 01:02:43 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-738

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Tue, 23 Aug 2022 01:02:43 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-738
ptag
a.audrte.com/ Frame F003 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.207.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-207-25.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
1e521dce475797cfe65f54a0a297c6d27c5952f70edbc78bb955d9e693def68f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:43 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1679
um
u-ams02.e-planning.net/ Frame F003
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D1122cdfada7bf47f%26uid%3D%24UID
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1122cdfada7bf47f&uid=7779825215707672497
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1122cdfada7bf47f&uid=7779825215707672497
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
fe07592e-18b5-4500-9ebc-8f730c9734ca
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=1122cdfada7bf47f&uid=7779825215707672497
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
redirectuser
ssp.disqus.com/ Frame F003 		0
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3D1122cdfada7bf47f%26uid%3D%24UID&partner=eplanning
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.232.108.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-232-108-54.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-store
vary
origin
expires
0
usync.html
eus.rubiconproject.com/ Frame 7352
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 Aug 2022 01:02:43 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Tue, 23 Aug 2022 01:02:43 GMT
location
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
server
AkamaiGHost
usermatch
r.casalemedia.com/ Frame 8A36
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
feee053a6a550932e1716966e78cfb37a4dabea49432710365e6c58cb34087f9

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73efeca04f88694f-FRA
content-encoding
br
content-type
text/html
date
Tue, 23 Aug 2022 01:02:43 GMT
dropped-udsids
241|39|230|45|17|196|65|156
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mhf0xx1fIxuyfyBF6AlxDAbrKikY%2Bsrd34Ja%2FSGoEq0Q5yzClKlOhL9sIIinUsrbXcuda4j7XLyX5amhfBRWX8D%2BzDm6q%2F8nIk1L0hCP%2Bssgojc92XWU4f20THvNm0pZwmU3"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73efec9fcb19bba9-FRA
content-type
text/html; charset=iso-8859-1
date
Tue, 23 Aug 2022 01:02:43 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
location
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYiy%2BgCw7KWk%2Fi6pwH7WUXIN58tTmDtPRU%2F7C2afrnEiCU4Mzn7I5%2B%2B8U%2B%2BD9sdXhl3WGHcjRH7cv%2BlkuEvsJ4Q85LhVilJzLTkkY12uDj%2B9B%2FG5i%2FUbu%2BFOsWA2ASGpsr%2FdFh50"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 65BD 		1 KB
1002 B 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
136949
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Tue, 23 Aug 2022 01:02:43 GMT
etag
W/"61ddbb71-5f5"
expires
Tue, 18 May 2027 11:39:16 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-reqid
19c1c50e485d6b66efe3039c2c2fe417
x-cf-tsc
1653097306
x-cf1
29080:fA.cdg1:co:1585621119:cacheB.cdg1-01:H
x-cf2
H
x-cf3
H
x-cff
B
/
onetag-sys.com/usync/ Frame 74DE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 50E7 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67bc099f3dad9e8d407de0f5b2f9b943497ce801a6182c8d22406d8140bd257a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
73efec9fbe279957-FRA
content-encoding
br
content-type
text/html
date
Tue, 23 Aug 2022 01:02:43 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
getuid
ib.adnxs.com/ Frame 50E7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
pixel
cm.g.doubleclick.net/ Frame 50E7 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=4415b4b3-bb77-4eb3-91b9-88b3940bd3c1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=4415b4b3-bb77-4eb3-91b9-88b3940bd3c1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca06e8c9957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=4415b4b3-bb77-4eb3-91b9-88b3940bd3c1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 50E7 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 50E7 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cm
trc.taboola.com/sg/zeotap/1/ Frame 50E7 		0
161 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 varnish
server
nginx
x-timer
S1661216563.227709,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-hhn4023-HHN
u
dmp.v.fwmrm.net/ad/ Frame 50E7 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f16:e61:3f01:ec47:44d4:778:a05a Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:44 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 50E7 		0
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=465c6e62-b2b2-41ac-9851-19665f6e0631&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=465c6e62-b2b2-41ac-9851-19665f6e0631&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca17f5f9957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=465c6e62-b2b2-41ac-9851-19665f6e0631&zpartnerid=317&gdpr=1&gdpr_consent=
pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=657abbc5-c17d-4d8c-74f1-339b1274ef87&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=657abbc5-c17d-4d8c-74f1-339b1274ef87&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=39569792789410797180614719976620002799&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=39569792789410797180614719976620002799&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca1af769957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-1-v038-0fb401301.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
7kv8rkywT7g=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=39569792789410797180614719976620002799&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame 50E7 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.69.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=657abbc5-c17d-4d8c-74f1-339b1274ef87&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022082310-15991-0.713824001661242946-6a8ec3fe901478b5d9e8381aaa8e922c&zdid=533&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022082310-15991-0.713824001661242946-6a8ec3fe901478b5d9e8381aaa8e922c&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca09ebc9957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022082310-15991-0.713824001661242946-6a8ec3fe901478b5d9e8381aaa8e922c&zdid=533&env=mWeb
Date
Tue, 23 Aug 2022 08:22:26 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7134870809663699093&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=7134870809663699093&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca09eb89957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7134870809663699093&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Date
Tue, 23 Aug 2022 01:02:43 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
receive
pixel.tapad.com/idsync/ex/ Frame 50E7 		95 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=657abbc5-c17d-4d8c-74f1-339b1274ef87
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=657abbc5-c17d-4d8c-74f1-339b1274ef87&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=657abbc5-c17d-4d8c-74f1-339b1274ef87&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=917u33a5AJjt62AnIQjA6u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-44...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=917u33a5AJjt62AnIQjA6u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca0eef19957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:42 GMT
via
1.1 google
last-modified
Tue, 23 Aug 2022 01:02:43 GMT
server
Weborama Collect Frontend
location
https://mwzeom.zeotap.com/mw?webouuid=917u33a5AJjt62AnIQjA6u&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame 50E7 		0
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=657abbc5-c17d-4d8c-74f1-339b1274ef87&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.82 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=657abbc5-c17d-4d8c-74f1-339b1274ef87?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventTyp...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=657abbc5-c17d-4d8c-74f1-339b1274ef87?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eve...
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-717...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca1af759957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
expires
0
cache-control
no-cache
x-server
10.45.17.95
content-length
0
x-consent
absent
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-UKQzciRE2ooDiIkT_0J9vGHByhBzGSto0A--~A&zpartnerid=570&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-UKQzciRE2ooDiIkT_0J9vGHByhBzGSto0A--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca1cf869957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
http/1.1 spdc0109.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-UKQzciRE2ooDiIkT_0J9vGHByhBzGSto0A--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=lwS6x6TnrYpl3dfw4ANLBzQL3XqM1hb9%2BS41iYitP1U%3D
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=lwS6x6TnrYpl3dfw4ANLBzQL3XqM1hb9%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca02e659957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
AAWebServer
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=lwS6x6TnrYpl3dfw4ANLBzQL3XqM1hb9%2BS41iYitP1U%3D
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires
0
usermatch.gif
beacon.krxd.net/ Frame 50E7 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.73.80.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-80-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
private, no-cache, no-store
x-request-time
D=37 t=1661216563
x-served-by
beacon-n002-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 50E7 		95 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.90.211.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.246.211.90.157.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
cQZGoH6Q
sync-tm.everesttech.net/upi/pid/ Frame 50E7 		0
0
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=98066304-2733-4000-bf11-d38943c8bf93&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbd...
95 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=98066304-2733-4000-bf11-d38943c8bf93&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:44 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca529da9957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Tue, 23 Aug 2022 01:02:44 GMT
Server
MT3 4494 7cf1da7 master zrh-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=98066304-2733-4000-bf11-d38943c8bf93&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Tue, 23 Aug 2022 01:02:43 GMT
usermatch.gif
beacon.krxd.net/ Frame 50E7
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea0419...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
54.73.80.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-80-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
private, no-cache, no-store
x-request-time
D=34 t=1661216563
x-served-by
beacon-n024-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
date
Tue, 23 Aug 2022 01:02:43 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a001-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame 50E7
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.95.115.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KGBQT845CS1EAX605588
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
CTZMQCB8H4JDS4WS1R9J
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 50E7
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1...
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
FRQ34SV6VMPXAVQCTGDC
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
702CHTGGGT5PH85TG0ZD
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=657abbc5-c17d-4d8c-74f1-339b1274ef87&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame 50E7 		0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/87734?id=657abbc5-c17d-4d8c-74f1-339b1274ef87&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.7.201.234 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-7-201-234.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
content-length
0
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame 50E7
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73efeca378c79957-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
date
Tue, 23 Aug 2022 01:02:43 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame 50E7 		557 B
470 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a78d5d54947006c52b6ddb1f6ae32c6541d2150da14dfb368d6940e2f9c17bbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73efec9ffe489957-FRA
date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
cmp
spl.zeotap.com/ Frame 50E7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
73efeca01e639957-FRA
date
Tue, 23 Aug 2022 01:02:43 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
dcm
s.amazon-adsystem.com/ Frame 8A36
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB&dcc=t
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
HCAVNK26XQMVFTEHV2XM
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
5MFR6XCSDPYXTR4SFX07
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 8A36 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 8A36 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YwQnM2UlIhxPnAzDgoUIbAAABJgAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 8A36
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YwQnM2UlIhxPnAzDgoUIbAAA
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YwQnM2UlIhxPnAzDgoUIbAAA&google_tc=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGWJEvTLMtZuembPqPci4mo&google_cver=1&gdpr=1
43 B
904 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGWJEvTLMtZuembPqPci4mo&google_cver=1&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73efeca13cc0904c-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGhF1BctN%2FxlO9FTsa%2Bw000Acovlamp4RoZu3Jh9Td%2FDugpSVHS6oe7VI0xXWllQsP7PD7CWC71cK9cFJ4DuHF2VNZYT96YG6wxm0UavN1ljxrtYf7GisEvJA35a5hpLVTO4qHDo1eaSOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGWJEvTLMtZuembPqPci4mo&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 8A36
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
43 B
914 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73efeca2ddaf904c-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjkCD9bBgnlO14gVsW6HUmR6tuornHn8FJ0fORMlWVn0%2FzjO%2Byno7xycJ0WXNKGMN%2BMhpcH3CjxjvGbvVyXGW5QHQq%2BIoZZLOwi55K0Hv%2Bof9JinZjxnBMMdtslp%2BPfCsCdhF0HBibENQA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
106
Content-Type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame 8A36
Redirect Chain
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
43 B
946 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73efeca11ca7904c-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TiUz05OCkis0F7S9IrgykOkekkeC%2BfATUfzjPFJNP1D3G13DHAPAiJeRZl57jRajfZNAwColcC1S5sARMzguLkg6IB87jHLS%2BVUo%2BhCJrZjAwiVnDbepwHcQJfCP2%2BhlWUxEWsV%2FJLjSvg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Tue, 23 Aug 2022 01:02:43 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
rum
dsum.casalemedia.com/ Frame 8A36
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661302963&gdpr=1
43 B
947 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661302963&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73efeca19b9168f7-FRA
pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhH8Us4aEJpHH9dMtgthfjOYuRrw4zD1yFheew9UUq9BCQW7ao%2F7NSG2uV5pjKKg9GxfC%2Bs7Y5uQq4LhILp%2FQkjGh03fM54ivL%2BXuPfoOpYYO737QfZB%2BK6kh91U5UneuKS0OBrC"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1661302963&gdpr=1
pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
cookiesync
bttrack.com/pixel/ Frame 8A36 		35 B
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
46.bidtellect.com
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

X-ServerName
Track001-iad
Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:20 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
um
u-ams02.e-planning.net/ Frame 8A36 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=1122cdfada7bf47f&uid=YwQnM2UlIhxPnAzDgoUIbAAA%261176
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D1122cdfada7bf47f%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
server
openresty
content-type
image/gif
usync.js
eus.rubiconproject.com/ Frame 7352 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
ebf9218a016a4a06e257c70b58ebef5da0dc3ae22a3e28b9d394e688f54a228a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:43 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=38630
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9442
Expires
Tue, 23 Aug 2022 11:46:33 GMT
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 7352 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=eplanning_eu&khaos=L75HG7F9-9-LNLQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif
ecm3
s.amazon-adsystem.com/ Frame 7352
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=uBRfswtSRL6NbuzTpCRbTA&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=uBRfswtSRL6NbuzTpCRbTA
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=uBRfswtSRL6NbuzTpCRbTA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:44 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DDG4RNZJ0GZXDGC0F4KX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=uBRfswtSRL6NbuzTpCRbTA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 7352
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L75HG7F9-9-LNLQ&sigv=1&esig=2~14807bfde545df0a8e55a605f0c139e2d81df8ba
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L75HG7F9-9-LNLQ&sigv=1&esig=2~14807bfde545df0a8e55a605f0c139e2d81df8ba
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L75HG7F9-9-LNLQ&sigv=1&esig=2~14807bfde545df0a8e55a605f0c139e2d81df8ba
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
66ef90d06496cfd000aab8206f2b6221
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 7352
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKP0Pzmt4hZUKKC3WZ9L3-U&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKP0Pzmt4hZUKKC3WZ9L3-U&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKP0Pzmt4hZUKKC3WZ9L3-U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 7352
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/8Qud58iiTOd2dL0J9OK_dw?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5092213599040779701
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5092213599040779701
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
Content-Type
image/gif

Redirect headers

date
Tue, 23 Aug 2022 01:02:43 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5092213599040779701
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
setuid
px.ads.linkedin.com/ Frame 7352
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L75HG7F9-9-LNLQ
0
704 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L75HG7F9-9-LNLQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 78E66662C24A42CCB249712CE600A538 Ref B: FRAEDGE1118 Ref C: 2022-08-23T01:02:43Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXm3h8sYmi8Dqob+V9btA==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L75HG7F9-9-LNLQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 7352 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 7352
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTBjZmI5MDE3MTE3MGU3Y2UzYmU5YjBkM2Q4NDM5NGI1NzEyZGY1OQ
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTBjZmI5MDE3MTE3MGU3Y2UzYmU5YjBkM2Q4NDM5NGI1NzEyZGY1OQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OTBjZmI5MDE3MTE3MGU3Y2UzYmU5YjBkM2Q4NDM5NGI1NzEyZGY1OQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
66ef90d06496cfd000aab8206f2b6221
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 7352 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:43 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
lotame20220804.html
s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/ Frame C305 		627 B
544 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.253 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Tue, 23 Aug 2022 01:02:42 GMT
etag
W/"62ec189b-273"
expires
Sun, 22 Aug 2027 01:02:42 GMT
last-modified
Thu, 04 Aug 2022 19:06:03 GMT
server
openresty
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame C75C 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.253 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Tue, 23 Aug 2022 01:02:42 GMT
etag
W/"601b131c-27c"
expires
Sun, 22 Aug 2027 01:02:42 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
sync
vid.vidoomy.com/ Frame 7A5D 		49 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3D1122cdfada7bf47f%26uid%3D%7B%7BVID%7D%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:cb00::2 , United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
br
content-type
text/html
date
Tue, 23 Aug 2022 01:02:43 GMT
etag
W/"61c991db-c5bc"
last-modified
Mon, 27 Dec 2021 10:13:47 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
Abm0DAb0SrKh
x-77-nzt-ray
cWpcuZRaYV4
x-77-pop
viennaAT
x-accel-expires
@1662253363
x-cache
MISS
setuid
prebidserver.pixfuture.com/ Frame AD29 		0
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AA6PiF2-OTdaFRH2
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html
date
Tue, 23 Aug 2022 01:02:43 GMT
expires
0
pragma
no-cache
vary
Origin
lt.min.js
tags.crwdcntrl.net/lt/c/15238/ Frame C305 		49 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-88.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 11:54:21 GMT
content-encoding
gzip
etag
W/"fdcd13007d5be3c218bd461a6aad998b"
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
age
47303
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA56-P2
x-amz-cf-id
p2SeLqZx-OYHVSTGD4AQC6fhlw1ARCsGtEJ9lGQ7_-Kdtbuu8SaHzw==
GS.d
js.cookieless-data.com/ Frame C75C 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1661216563606
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.15.145.115 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-15-145-115.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:43 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
optimus_rules.json
tags.crwdcntrl.net/lt/c/15238/ Frame C305 		155 B
641 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-88.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 23 Aug 2022 00:05:23 GMT
via
1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront)
age
3441
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
155
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
etag
"1a1722e9cedbdc8af0dcd3345e46c73a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age: 86400
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
x-amz-cf-id
L2Zx5XGpMurmqjaiq3MyVhGY5dz_Tx4WPQEnuCmN6NE-WWTU-Z946g==
data
bcp.crwdcntrl.net/6/ Frame C305 		20 B
306 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.202.57 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-202-57.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:43 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://s.e-planning.net
expires
0
cache-control
no-cache
x-server
10.45.4.6
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
20
x-consent
absent
um
u-ams02.e-planning.net/ Frame 7A5D 		42 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u-ams02.e-planning.net/um?dc=3ab023ac29ea5990&fi=1122cdfada7bf47f&uid=a6f37f0123013099a595be2217fc435a
Requested by
Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3D1122cdfada7bf47f%26uid%3D%7B%7BVID%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.248 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://vid.vidoomy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Tue, 23 Aug 2022 01:02:45 GMT
server
openresty
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 295F 		0
0
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:45 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:45 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 2A1A 		116 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a6e5c7785b3c9d3032fa6252696214127c545c808875ae8baa950f558e84590
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40219
x-xss-protection
0
server
cafe
etag
5643722731050657219
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 01:02:45 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:45 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:45 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 51B7 		116 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
75a340a51e6c6ca7451e8ea493becbbffbcf4513e58913dd38a46579ee8b6e7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40235
x-xss-protection
0
server
cafe
etag
9308421341338581908
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 01:02:45 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:45 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:45 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 9759 		116 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65cbd405e45281920679a4be1ac6506fef1cc419c633b89c0c234b7e2c0b3b1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40225
x-xss-protection
0
server
cafe
etag
13048465923775911543
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 01:02:45 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:45 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:45 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/ Frame 2A1A 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
69c1440941c7c1d846fa0d95daf05ad956cfa5dbadaff50fcf06c80494a8b45c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122620
x-xss-protection
0
server
cafe
etag
6146412316317134178
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 01:02:45 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/ Frame 51B7 		342 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b0594d2080de4b628c3ea7e0f143b591e266b111b7d5f676147b7968041988d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122957
x-xss-protection
0
server
cafe
etag
13962048342843959174
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 01:02:45 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/ Frame 9759 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4c8e9154733dee9585a977d6d5f316eccd55234b59b53da37e9070900c4aece1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122731
x-xss-protection
0
server
cafe
etag
114821966349153296
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 23 Aug 2022 01:02:45 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 2A1A 		403 B
701 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
dbf2b89e67e65dff8b280e7388709c16e5bc69480dd71f551a68f807a7916fa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
256
x-xss-protection
0
integrator.js
adservice.google.ru/adsid/ Frame 2A1A 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ru/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 2A1A 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame 99D8
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696134&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Thu, 25 Aug 2022 01:02:46 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:46 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 51B7 		403 B
282 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
0cc22b1a9c13fecfd7c08e50f7b239a00e0af8252f7fb209a1ab4d2be91639b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
260
x-xss-protection
0
integrator.js
adservice.google.ru/adsid/ Frame 51B7 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ru/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 51B7 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame 4FDA
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696135&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Thu, 25 Aug 2022 01:02:46 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:46 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 9759 		403 B
278 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
790b19d3740e2c198ad12fb6ab8318f9bbe84dc40296df54139a3b14df4bfb09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
256
x-xss-protection
0
integrator.js
adservice.google.ru/adsid/ Frame 9759 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ru/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 9759 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame B0D0
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696132&pi=t.ma~as.Internal_300x250_0._&w=300&lm...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Thu, 25 Aug 2022 01:02:46 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:46 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 2A1A 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220818&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8912643221148beed308d86d716e3df63f21c4bad323837a3186406f411fab8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11077
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 51B7 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220818&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7b3441c3bc50c1d74fb5eadbe331d12884e80a6b13f185f2f9a65321aef8c488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10957
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 9759 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220818&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9195f44cc3e67293be8769489ccc1a83e6b9b4129b4e26641ea88990ba5e2eec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11056
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 51B7 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_fy2021.js?bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 01:02:46 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 2A1A 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 01:02:46 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 9759 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208170101/show_ads_impl_fy2021.js?bust=31069049
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Aug 2022 01:02:46 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 36D3 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
17244
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 20:15:22 GMT
expires
Tue, 22 Aug 2023 20:15:22 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 6AAC 		783 B
742 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
3d85875a1e53af8d9e6ea3c3bf25ff4fe8dc1eb5bcaeb44b2fcc85a9bc47c996
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-x_s3PdHA4BH_iSq4ZygoYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-x_s3PdHA4BH_iSq4ZygoYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Tue, 23 Aug 2022 01:02:46 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 54D6 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
17244
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 20:15:22 GMT
expires
Tue, 22 Aug 2023 20:15:22 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 4B0B 		783 B
740 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
006f93e4ee649b3b71423525ea6e839493b340c885dd87d15d438f22c208e4e9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-IDkyJJ0EA-XJGs1nnLhnXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-IDkyJJ0EA-XJGs1nnLhnXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Tue, 23 Aug 2022 01:02:46 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CCBE 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
17244
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 20:15:22 GMT
expires
Tue, 22 Aug 2023 20:15:22 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 8FDF 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1735fe61d2a5eeb6e73ec0a4c847287023223fe07161e86981a50edb60313128
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3sBua2YzBIP-kGw5Dxp2LA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-3sBua2YzBIP-kGw5Dxp2LA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Tue, 23 Aug 2022 01:02:46 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 54D6 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 19:04:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
107888
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Aug 2023 19:04:38 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8FDF 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220818&jk=419439792104956&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 4B0B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220818&jk=491855753043038&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame CCBE 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 19:04:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
107888
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Aug 2023 19:04:38 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 6AAC 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220818&jk=1116817671410710&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
pagead2.googlesyndication.com/bg/ Frame 36D3 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/8Oc7qVgGezqJSgjjaaCdJlEAdJIIw0tPZxYDqe1tkXI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 19:04:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
107888
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14092
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Aug 2023 19:04:38 GMT
generate_204
tpc.googlesyndication.com/ Frame 54D6 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?FL4A1g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame 36D3 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?JkZAkg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame CCBE 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?Uwi1DA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
checksync.php
contextual.media.net/ Frame 6BEC 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.38.97 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-38-97.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=91915
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Wed, 24 Aug 2022 02:34:41 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame A9B3 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
72875
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 1010761
X-Served-By
cache-lga21925-LGA, cache-hhn4072-HHN
X-Timer
S1661216567.831606,VS0,VE0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 1118 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
72875
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 1007951
X-Served-By
cache-lga21925-LGA, cache-hhn4028-HHN
X-Timer
S1661216567.832126,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2553 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=88773
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 24 Aug 2022 01:42:19 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 671F 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 23 Aug 2022 01:02:46 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
check.html
biddr.brealtime.com/ Frame B192 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
3925
CF-Cache-Status
HIT
CF-RAY
73efecb6b9dd994b-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 23 Aug 2022 02:02:46 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
checksync.php
contextual.media.net/ Frame 1938 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.38.97 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-38-97.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=91915
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Wed, 24 Aug 2022 02:34:41 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F576 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=88773
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 24 Aug 2022 01:42:19 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 887C 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
1333
CF-Cache-Status
HIT
CF-RAY
73efecb6b9a69183-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 23 Aug 2022 02:02:46 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id
15DG7FS62Q387667
/
ssc-cms.33across.com/ps/ Frame D4BE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip22.67-202-105.static.steadfastdns.net
Software
33XP004 /
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Tue, 23 Aug 2022 01:02:48 GMT
server
33XP004
x-33x-status
2000208
check.html
biddr.brealtime.com/ Frame 43DB 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
1333
CF-Cache-Status
HIT
CF-RAY
73efecb6bb159b86-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 23 Aug 2022 02:02:46 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id
15DG7FS62Q387667
pd
u.openx.net/w/1.0/ Frame 48AB 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 23 Aug 2022 01:02:46 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 0CE3 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
72875
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 1010762
X-Served-By
cache-lga21925-LGA, cache-hhn4072-HHN
X-Timer
S1661216567.831823,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3937 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=88773
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 24 Aug 2022 01:42:19 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 3157 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
1333
CF-Cache-Status
HIT
CF-RAY
73efecb6bf7a9124-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Tue, 23 Aug 2022 02:02:46 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id
15DG7FS62Q387667
checksync.php
contextual.media.net/ Frame 3031 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.38.97 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-38-97.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=91915
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Wed, 24 Aug 2022 02:34:41 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 19A7 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-208-212.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=88773
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Wed, 24 Aug 2022 01:42:19 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 58FB 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 Aug 2022 01:02:46 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 84AF 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 23 Aug 2022 01:02:46 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 62D1 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
72875
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 23 Aug 2022 01:02:46 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
1, 1011005
X-Served-By
cache-lga21925-LGA, cache-hhn4069-HHN
X-Timer
S1661216567.832391,VS0,VE0
pd
u.openx.net/w/1.0/ Frame 9C54 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Tue, 23 Aug 2022 01:02:46 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
checksync.php
contextual.media.net/ Frame 2683 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.38.97 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-38-97.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=91915
content-encoding
gzip
content-length
8304
content-type
text/html; charset=UTF-8
date
Tue, 23 Aug 2022 01:02:46 GMT
expires
Wed, 24 Aug 2022 02:34:41 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:46 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:46 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:46 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:46 GMT
usync.js
eus.rubiconproject.com/ Frame 58FB 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
92.123.9.160 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-9-160.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
ebf9218a016a4a06e257c70b58ebef5da0dc3ae22a3e28b9d394e688f54a228a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:46 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=38627
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9442
Expires
Tue, 23 Aug 2022 11:46:33 GMT
async_usersync
ib.adnxs.com/ Frame A9B3 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:46 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
e8d8f428-5116-4ccf-9cba-71c7437ee607
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 1118 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:46 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
641d3001-aa3b-49a3-9a1f-8a7c5e537300
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 0CE3 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:46 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
c066f99c-d136-4b97-8ba0-792d70a5dc1d
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 62D1 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:46 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
2c3be2af-6f33-44d0-8034-4d26d1935fd2
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 2553 		0
39 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=68200341&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:46 GMT
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 2A1A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220818&jk=491855753043038&bg=!6eql6q7NAAYUOm8VNDo7ACkAdvg8WlMM4D0ZmR0xmdK_5DZxtuLk-_0JEDpjkm3F_pqfCEGaFtUI9QIAAAChUgAAAAJoAQeZAwknrf4doyhWlV75oPXSCErq51pnsNuHDukzvoLUdRAS0ws9otaiIB0pvh8MfdYcRfZlBPhv4Ro7HlXHgiepHfhUM13fWN58pxFV0Ca-N61GZ2oWPRCi06IdFAGdGe93LNNpG7OWdDhfIZsCVGPSDITE7ygyRp1zaiCg4IqkvN6nCTJeRaZtK4_Crg-hdhJz4MUS7FqvLL7OaguI6pD4BFL9xsL7X8OubcYRXxVYlSXHDwWMAcA277zteirIHp0t0jo8Sn46JIY1TeLDoGGZyP2XiZKQxbHFwtbgIPzkxTrMKXJHnuXvAvBJSSMZaUyMu93HdAXP_pZ4pnt5Csxg-8qzzG1NQnXsjCuc5DK-80_3dNvMNSn7K-gylyI5Ao_1q9xYiBazFy4firYi0qii_Lcx90jcs1LFo5_W8QVlNc_qCw6bEndj-FKe74frjOB_3A7outbxvTg47hGBNrKoRTnYJSWo3t3H6UluCRfmfwTcQgj-7EIU9P5EVTIJ3TeQigf6w5zCD79LMAcWLW9O6j47ulPkxH_uhk4Z-naaHv-4unZNT6gkddUONONyC-368oZJSZi8QF21SDrt-N6F0wO4CNEe4Jgw0nEwUPK9TqhnxzhX9OPaF2lPzRY6ysmmiuxgWlKPxOjzO7hMs-hq2023qoeBMuMOc0RNh5z3zQ-GJOmbg1gp5WuGp0-JniqhLa--iwragzMKazp0yUOf3Muf3gr0f9LM98vgbdrCkUMZLS5H2tkOKC6xEIMgRVEIQ1B4sCUCYy4qDr2YyCU1U2mNU4H8ypHd_7DBrkNCcsfpl3jOMCCQOEAzTpOQtoeTrYmNnN8XAX89A3SsZKuITy_-n-y_EnLjYuMePp8kV8PpWwqTsIHmMONpz38VVwYLmrlQ9ZtBO06gJZHTAuWqybLkjCYJFmajYCI8mS06E9vq_isLhT2b5ntidkoR4aV9V3YvsioguJExi403u1qLzjBkIo-Z6bU58Fe1ClmG9YXIMmsVqzNDtUVQM5b5mE---SZvZnnFiJZtwfw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 51B7 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220818&jk=1116817671410710&bg=!h4SlhMDNAAYUOm8VNDo7ACkAdvg8Wg24xIxf_MtbC4Tg46Xl6_oVABZGwNp0P7tmv2Lks72k2qBskQIAAACWUgAAAAFoAQeZAvy7LTDdf6edP52mWoAUXvJfLOtn56OrtvOR82RZ3W0s5PM-9wBD98xR66LStJcO_ubf5oSYdG6-sRv8es8RCw8--NgwF3y7PjAN7oZ5wiRtpwAMb3bpFzylB4Sao483cvItqWADPVO_huzLSdlzvfE4WjmaO9EeNNQPBX80ssFqhfvXIH81Vgnnl9SQbiTe6J9qPRfrodS9OtB8LniAw-GBmEYa-kl6JF9MLvlGIdtzvE5O0mhd7Aq7lVZZePbKcJGX2OgiqMHEbPbuxybGzO-_yrwrSgpI97mWnBpYBHayXtIaGBdWURuY5oRObhKZBNeE7IqNVK-Qv9d0QbIxwQqx_7mUyF7fm-qgK1_EsUBaSCkad6jv0wI_nbdpnYUMxO9-ehSB67cExOvkUvyBsnxdnL__CoXSyM6QbZbwweOcwiZ_8Obic1VTcjsT5cvmEYhRi-PRcNUWUkKM2PyPtFmzOKfolrZllAZDKS3ksAZplM36LZVlI45t_oQThEN37J3whoQsIw_ExOiSDOj-GAsrJrymlm9mG7c3OyJFVcuPtL7j_SGLhnQBV0IELFgJ2VSeKj-954wEtc4PSnQ2ytPdkTTmSqZF6TNsUd2pkEoWCW0T6MHOhAPt55DX6rMOl9x6s_uChKaPVvA6Y5ybEk2h9zuUiTTUsOS8cMhm_gs9aIYyzVohgCkNKCU6LFuAhFZ48icJqd8sTtqOcqaOqu00a3n6WJiDvQo7_swHVVPZWc1EOcYQxm-cjB8E0DqLM72VJ8TtG91BnzxJuvsNNCl_rztXIaQ48S-CWBQX1SMdHddvLPnWkoD0mWnVDdzwcvbDnTYOS7qAjq1178H0fF2V7ViRXaOUv1FGmYv5hmXJEMa_2FlLZUY2ZIkBU2VqjaFs60ZZ4iGaqUxrMsr4uo-8dg5cR2RlRK_8Mz394oXq3s1TN07G5vHlBGUbzHujbzqFGEM9iX3yU8EO_6nqjOVseGEltjWDPzKxLQsrpk3V3UqrbFT_ZpIUGmyTLQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 9759 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220818&jk=419439792104956&bg=!4eKl4qbNAAYUOm8VNDo7ACkAdvg8WktselwF42rWKFbb6C8vCAIRUY0Y2QxkFhsnE4SAyMn1LPALywIAAAC2UgAAAAJoAQeZAxyCYYzsa_ElULUIe-37oP_WLjjeyDoSRQjJp4tmOmNaD2jPuU4UbaD2vyl4JljV2ok2cDE0ifG-URsup9FaMuEZxZ5ywNCIKabchyNUt7RQz7xINMigEUxtYs5KNMRoPS9KCdnyHThHRR_myekDftuwvH5QDwzZ3VIzViHTO04l-sNsI1tfwoDaJAU7inMXrQXc35OjbVixgxG_uJ1uVfPebRX-LqVU5twsWQ8-6dEHMHfGaKjW4VwYBZyqybHHprbAMas5FmYBGQukMbaMjPMkKFYB51ET_f2H1h2MZgTp_U9-HodRQIP7crUU3OIvtOsdt9JjsQNrzEM2qbAF2Q_ZdgA6DSWQ_PfHoZiEBEqgcSFabKvJnQr3Ie4g-hcuGdWoRcxoKZj2jlqr4pq6Ud-lw_MLT915qTSx8aCLdW2Mn9HHF-2Xk_IU6WMt7-gSYuc6F9dleWvVgEdERwK58VpoXywfwmEjxvXchyRlTAt91pxxAzfbIvBTMEq7Eiy068FfuVgny5qEuoXIXS5330sS6mcf4xIhEDsDKfKBezj2c-qAxPnacoIyOlIG-Vrf4qeqqfeCUS406DqivBUVouIbrqqOOBDNrI2S5NAiRXjLt7IIc7PDhH4tMQbW4ms4vSdWkp8kCghU71J0qT884LhKNIOFblu70mLPNudTHFdMUFuVdHe6igQhWfZVmFzPlR-eByMVo427ItYnZ-lhEWtDUG5yF7DAh2XZYvigtvMhCmBBsKrAhDsOUEY0GutunvsCgxH9dJzgiK540zfe6Hd2TOH-B2gOpf67OsYxvTkye-aHku95Ox9hY6ZMACVk9xCW5ww2mpp9z2HvD7DEbJKBg6DhTZUg8jM9w4qlBVxtz7pvkHo2-Ow7UOPAeVx0g1HoMqXxptoOOccWEU0LyEXAzh9FIq8Nzw8FlpuHKIVyrt7Sd2zEpiZY_akhnwTQeHiTczOGpsrxLqjvhagTkA5bXcAZ5BGkoxMYnDY2A1eODmzKigFWAw5dbPGmZ7PGbi_dehDBOU-QHEJS5GcuYWRZDff6qg2hbhRli92m
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:47 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:47 GMT
320x50.png
cdn.pixfuture.com/banners/ Frame F3E6 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.pixfuture.com/banners/320x50.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:47 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133243
content-length
20836
last-modified
Tue, 02 Feb 2021 21:40:24 GMT
server
cloudflare
etag
"6019c6c8-5164"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBRCEzemIn%2F%2Bl1n7RtXcDLaUObDHHKuebbnz1GwoyFMV43P8wD%2F6dCUsZIP%2BC5dubELKxRdBa0VrbBp9bhfzYhVpFpsArLXHySTnCI3%2F%2FJGWxjeUnH4sdqTgd8cy9ng4w87fNWPtymdMVxWNR8PQ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=172800, no-transform
accept-ranges
bytes
cf-ray
73efecbc8ad59a12-FRA
expires
Tue, 23 Aug 2022 11:52:42 GMT
/
track.adform.net/adfscript/ Frame 9CBF
Redirect Chain
  • https://ghent-aws-fr.bidswitch.net/imp/0.06960/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104562_Qrtbwp_R_I_WAUCTION__PRICE_X-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0_Qrtbdata_RM9-Z3hVKlYRKxUEL0El...
  • https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0;rtbdata=M9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJP...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0;rtbdata=M9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
56ad091dc0dba9ae99229b7d5e94ca2d06cebe2c511a2c58906d7b15604f39e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:48 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
905
expires
-1

Redirect headers

Location
https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0;rtbdata=M9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Date
Tue, 23 Aug 2022 01:02:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
put
e1.emxdgt.com/ Frame 9CBF
Redirect Chain
  • https://aws-fr-sync.bidswitch.net/sync?ssp=emxdigital&dsp_id=70&imp=1
  • https://aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=emxdigital&dsp_id=70&imp=1
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=emxdigital
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=emxdigital
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=5811457281666223727&ssp=emxdigital
  • https://e1.emxdgt.com/put?d=d21&uid=ed9c7036-2a9a-4f52-9563-0ae1b4f690f6&gdpr=&gdpr_consent=
0
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e1.emxdgt.com/put?d=d21&uid=ed9c7036-2a9a-4f52-9563-0ae1b4f690f6&gdpr=&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Server
18.156.32.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-32-70.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:47 GMT
content-length
0
content-type
text/html

Redirect headers

Location
//e1.emxdgt.com/put?d=d21&uid=ed9c7036-2a9a-4f52-9563-0ae1b4f690f6&gdpr=&gdpr_consent=
Date
Tue, 23 Aug 2022 01:02:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
check_gdpr.js
biddr.brealtime.com/ Frame 9CBF
Redirect Chain
  • https://imp-euro.emxdgt.com/imp/?cp=0.06960&ts=1661216563&seat=70&w=728&h=90&pb=0.05568&sid=9508&tid=82818&pid=1323&uid=68411661216562783682f1&wid=21&dom=securityaffairs.co&tp=0.06960&mt=1&dt=2&st=...
  • https://biddr.brealtime.com/check_gdpr.js
704 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check_gdpr.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
HTTP/1.1
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3d8bcb82d61a3c0b87387b4dcdd2493ea09e7190e2980c6167182ad23cd96d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:47 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
918
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-request-id
7NQA4Q3C5H01T67D
x-amz-id-2
gi64xt4P9CIVuZdeFJizddgdK/QAkP7DQQzS4glM7PiTCmroJXckJOcKTHPMl3WDFxDJWCx/r1E=
Last-Modified
Wed, 19 Aug 2020 01:11:27 GMT
Server
cloudflare
ETag
W/"45fc2df97a85ec1dbd37c6e43e5da119"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
CF-RAY
73efecbd9c4d9124-FRA
Expires
Tue, 23 Aug 2022 02:02:47 GMT

Redirect headers

Location
https://biddr.brealtime.com/check_gdpr.js
Date
Tue, 23 Aug 2022 01:02:47 GMT
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html
moatad.js
z.moatads.com/emxsspdisplay905071498485/ Frame 9CBF 		299 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/emxsspdisplay905071498485/moatad.js?moatClientLevel1=1323&moatClientLevel2=9508&moatClientLevel3=82818&moatClientSlicer1=securityaffairs.co&moatClientSlicer2=&moatClientSlicer3=
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-169.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4a0c4062dd4631f83121672154a0aa4d182030a500e4bab908e916339fdca038

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:47 GMT
content-encoding
gzip
last-modified
Thu, 04 Aug 2022 15:27:56 GMT
server
AmazonS3
x-amz-request-id
9Q3HMTPQZZ3KRKEB
etag
"829532b99e7b35176b0b4be14200c2fc"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=31505
accept-ranges
bytes
content-length
103968
x-amz-id-2
C+kM4E0Vpa6pBoA79VP0TZj9rgl1OD/krXH2alogmDfu8NvgYjXKJQ6tGuiMRjT7OI9E1UpiH+E=
openvv.js
js.brealtime.com/ Frame 9CBF 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.brealtime.com/openvv.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8191f9ba76f5caac6877916a84ad731e96464925a7f9225d8a78b73d01240

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:47 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
5642
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-request-id
N32NT1XQ4EAMQ7SN
x-amz-id-2
JHDQT1RU12vdDQL/TSfiq30XlrZPRR2lwsOw6TsBsqrCp3mBlZEEcNAuHs2kbj5RpsGKBvmRrpo=
Last-Modified
Mon, 28 Jan 2019 20:39:00 GMT
Server
cloudflare
ETag
W/"a3f3c6d66a408f8552e62ced6abc6fb4"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
CF-RAY
73efecbd0be29c0a-FRA
Expires
Tue, 23 Aug 2022 02:02:47 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:47 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:47 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:47 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:47 GMT
300x250.png
cdn.pixfuture.com/banners/ Frame 850B 		44 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.pixfuture.com/banners/300x250.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:744 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:47 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133660
content-length
45195
last-modified
Wed, 03 Feb 2021 20:39:58 GMT
server
cloudflare
etag
"601b0a1e-b08b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSoQausJ9rIHb6qz7k8Cu1luZH21MYU93EyzH3qpvvmvVtZpHKScKvGOeztlYlcEQbSLVxsjw28i3JrRO%2Bk8pThTx53LjJU2J6dEc2p4t4orYwC%2BNLF50340V0lyYCN2XrPk7ySZfiVY3lIsfZ39"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=172800, no-transform
accept-ranges
bytes
cf-ray
73efecbd1b3f9a12-FRA
expires
Tue, 23 Aug 2022 11:51:52 GMT
async_usersync
ib.adnxs.com/ Frame A9B3 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:47 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
97315fc1-aa4a-4725-bc7f-deda8d8d42f8
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 1118 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:47 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
1239e527-85bb-423b-9a19-a3c6135eee3a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 0CE3 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:47 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
32edd182-fd1b-4502-90f7-0dd1e97418b0
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 62D1 		0
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Aug 2022 01:02:47 GMT
X-Proxy-Origin
81.95.5.37; 81.95.5.37; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
37c73987-a80e-4419-8f07-3f5b3cf9f11c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 9CBF 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: ghent-aws-fr.bidswitch.net
URL: https://ghent-aws-fr.bidswitch.net/imp/0.06960/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104562_Qrtbwp_R_I_WAUCTION__PRICE_X-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0_Qrtbdata_RM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK__XO0KT6NLigyuMOc5__7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9__LWT0lQkXAT8x0_Q_QOOBClickTrack_R_I_WCLICK__URL_AURLENCODE_X/MfEgK2xOHRQIn6hAI-z7WQGSmzF0PXmiPo6iUyXsTsdVjgUBfGGn06-rpN1ov7mEEGkkWwqjuJQRGpSjcf4kJqnLojM2PbyOODJOGPef5QDxX4LZCDGe3gnS368paodUaB55Jlh8glZOBphz3UCmfdxfaSS3oW8bgZUWd7j-8UN8-LaTwZn9UgmXsXR7UbH1KpmKgRqf9AD-0f9_-o0J-ts1l62tOZ825eGZzf-9SIPZ4zj1d4FPlvEjmlXpvK4_L7EX6DLhHO5uget2qWXEbDo88QdhL5MpobuqjoSYKG6bSCmkEYLRD3x8lRPBpYSyHrQmGDeIbaHB76LuTi8tqJCel9fc1S2Omy3IDiDWcKAY9Xcgy3_NlBc41FXOdMfxer_KiF8RR6olncFJ_2eUOlniBQI8mUwxAG_jeHvKfmI6VZyy37Xr00pEzKo1wZOZwR9J3deT7bMrsI2QNZHcQD-gZjqO5-mSSGGrQl02KpDaJBnn7LbA7FEaPfVKb7lVZXWBqTs8X9BPaZ4sU_Yen2E6GSbi9BPPgLl2YJyYK6nJ8gqQzLCafYNTQ7Hale6bUMGuMi7uNw0Urfw0s1vkcIWGsmuYF63hFoyQ9z84NlIEYRO44afCV8KcA80SJL7o8E2ClJuuUZJ0WOZabtnvNZYQUeBVuvICrxzG3OgFeM6ppPSptUCXqEGzjYvpOypAp595EJuejlTPfhHPMLUJRjzgozzuDEUAhmCtn33NW8P4tWwQmNHRXl_XOupobi3JVT_dNTx8FlLOBrK3xIzJobFgaq6dMmOv4AmU7LOLPWdGlnl0JsLqlsWK7dYoskWIEBq23bCKb6ZmyXa5wg8f7je9rLr_DEFf8NY5V7ddUoaDh_ZjDuMw0bT51drQbeOqdwHLEao_iCJUYnMqles2xzLyS--d5_Z3SH1BSWSkDhkPZEedZQdBKQQXgJk/$%7BCLICK_URL_ENC%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:48 GMT
content-encoding
gzip
last-modified
Wed, 27 Jul 2022 07:02:09 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Wed, 24 Aug 2022 04:15:59 GMT
/
track.adform.net/adfserve/ Frame 9CBF 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?bn=37104562;rtbwp=0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0;rtbdata=M9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;oobclicktrack=%24%257BCLICK_URL_ENC%257D;js=1;adfxid=1x;10129;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8b92b8f673590056efabc2f9f6e60c92a7552dd183ea60d450ce05d70a04e842
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:48 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2660
expires
-1
r62eglto.js
ad4m.at/ Frame 9CBF 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9b060fea5d40ed1a199f9ffec8eedb296149c1c5289e65818742d16f24f4dc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=QLBs9A==, md5=pp9azZKJxl5nOXvhQrwsPw==
date
Tue, 23 Aug 2022 01:02:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
138176
x-guploader-uploadid
ADPycdvIQ2dWyUpZOcHVhl4Bssqz_uGTmr0SO5-IAu24JJuir0R_e8X8EITNMnJjIcir1_vpwWYqphh0Hd4VoJpwJDvepP0EvNOB
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 27 Jul 2022 10:39:11 GMT
server
cloudflare
etag
W/"a69f5acd9289c65e67397be142bc2c3f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0C6TCHb5ANXjkc0ZIHXwOAC92jsG2WpyVSAjyGL7kq296j6sjTXTJpSEkNSp7P8HvMLOdAADHjz%2FX09vtbgKUyR1EOqyx1mWMlrryTvaui1ao7%2FWT9lHWNiQ0iZkotxDlmr3EbQ%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1658918351642621
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length
11980
cf-ray
73efecc10832bc01-FRA
expires
Sun, 21 Aug 2022 10:39:52 GMT
/
track.adform.net/csimpr/ Frame 9CBF 		35 B
470 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=37104562&csi=iEuJPljgvDcnIl2c8yjdVtFacZXC3dDri3mLmmJrvwkJDwKV3Zer3HWCnEto5flfxu4oDsk4HEmTy6xABeSi72QBbo50IEXs0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:48 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
/
e1.emxdgt.com/sync/ Frame 9CBF 		0
22 B 		Script
General
Check archive.org
Download Go to
Full URL
https://e1.emxdgt.com/sync/
Requested by
Host: imp-euro.emxdgt.com
URL: https://imp-euro.emxdgt.com/imp/?cp=0.06960&ts=1661216563&seat=70&w=728&h=90&pb=0.05568&sid=9508&tid=82818&pid=1323&uid=68411661216562783682f1&wid=21&dom=securityaffairs.co&tp=0.06960&mt=1&dt=2&st=1&os=&ip=81.95.5.37&sz=&country=DE&region=BY&city=Hof&zip=&dma=&agency_id=&cluster=euro-hb&browser=chrome&rf=securityaffairs.co&data_fee_type=&data_fee=0&clstr_nm=header-bidding-euro-4&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.5112.101%20Safari/537.36&make=&ifa=&adom=ad4m.at&cat=3&gdpr=1&crid=70_37104562&burlv2=aHR0cHMlM0ElMkYlMkZnaGVudC1hd3MtZnIuYmlkc3dpdGNoLm5ldCUyRndpbl9ub3RpY2UlMkZlbXhkaWdpdGFsX2JpZCUzRnJpZCUzRE1mRWdLMnhPSFJRSW42aEFJLXo3V1FHU216RjBQWG1pUG82aVV5WHNUc2RWamdVQmZHR24wNi1ycE4xb3Y3bUVFR2trV3dxanVKUVJHcFNqY2Y0a0pxbkxvak0yUGJ5T09ESk9HUGVmNVFEeFg0TFpDREdlM2duUzM2OHBhb2RVYUI1NUpsaDhnbFpPQnBoejNVQ21mZHhmYVNTM29XOGJnWlVXZDdqLThVTjgtTGFUd1puOVVnbVhzWFI3VWJIMUtwbUtnUnFmOUFELTBmOV8tbzBKLXRzMWw2MnRPWjgyNWVHWnpmLTlTSVBaNHpqMWQ0RlBsdkVqbWxYcHZLNF9MN0VYNkRMaEhPNXVnZXQycVdYRWJEbzg4UWRoTDVNcG9idXFqb1NZS0c2YlNDbWtFWUxSRDN4OGxSUEJwWVN5SHJRbUdEZUliYUhCNzZMdVRpOHRxSkNlbDlmYzFTMk9teTNJRGlEV2NLQVk5WGNneTNfTmxCYzQxRlhPZE1meGVyX0tpRjhSUjZvbG5jRkpfMmVVT2xuaUJRSThtVXd4QUdfamVIdktmbUk2Vlp5eTM3WHIwMHBFektvMXdaT1p3UjlKM2RlVDdiTXJzSTJRTlpIY1FELWdaanFPNS1tU1NHR3JRbDAyS3BEYUpCbm43TGJBN0ZFYVBmVktiN2xWWlhXQnFUczhYOUJQYVo0c1VfWWVuMkU2R1NiaTlCUFBnTGwyWUp5WUs2bko4Z3FRekxDYWZZTlRRN0hhbGU2YlVNR3VNaTd1TncwVXJmdzBzMXZrY0lXR3NtdVlGNjNoRm95UTl6ODRObElFWVJPNDRhZkNWOEtjQTgwU0pMN284RTJDbEp1dVVaSjBXT1phYnRudk5aWVFVZUJWdXZJQ3J4ekczT2dGZU02cHBQU3B0VUNYcUVHempZdnBPeXBBcDU5NUVKdWVqbFRQZmhIUE1MVUpSanpnb3p6dURFVUFobUN0bjMzTlc4UDR0V3dRbU5IUlhsX1hPdXBvYmkzSlZUX2ROVHg4RmxMT0JySzN4SXpKb2JGZ2FxNmRNbU92NEFtVTdMT0xQV2RHbG5sMEpzTHFsc1dLN2RZb3NrV0lFQnEyM2JDS2I2Wm15WGE1d2c4ZjdqZTlyTHJfREVGZjhOWTVWN2RkVW9hRGhfWmpEdU13MGJUNTFkclFiZU9xZHdITEVhb19pQ0pVWW5NcWxlczJ4ekx5Uy0tZDVfWjNTSDFCU1dTa0Roa1BaRWVkWlFkQktRUVhnSmslMjZwJTNEJTI0JTdCRU1YX0JVUkwlN0QlMjZhaWQlM0Q=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.156.32.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-32-70.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:47 GMT
content-length
0
content-type
text/html
pixel.gif
px.moatads.com/ 		43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=EMX_SSP_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=&t=1661216568513&de=797057097966&m=0&ar=1da355aa18f-clean&iw=43787e0&q=2&cb=0&ym=0&cu=1661216568513&ll=3&lm=0&ln=1&em=0&en=0&d=1323%3A9508%3A82818%3Aundefined&bo=securityaffairs.co&bp=&bd=&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&id=1&ii=4&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&gw=emxsspdisplay905071498485&fd=1&it=500&ti=0&ih=2&pe=1%3A2485%3A2596%3A2730%3A2491&fs=199703&na=124855502&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-169.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62
8096267
date
Tue, 23 Aug 2022 01:02:48 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
pragma
no-cache
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 23 Aug 2022 01:02:48 GMT
frame.html
ad4m.at/ Frame 1C9A 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/frame.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdd681451ace45b4f9e4ea032868c87b80da96240a2adb696bd59ed6a238497b

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2050444
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=3600
cf-cache-status
HIT
cf-ray
73efecc1ab319107-FRA
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Tue, 23 Aug 2022 01:02:48 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Tue, 23 Aug 2022 02:02:48 GMT
last-modified
Wed, 06 May 2020 15:09:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2BCt6DlO%2F8o5roJ%2BDCaCBQynSYrBoDQa%2BqbERgH4CTksTL270M22Wa0%2B%2BpANip9HnXIUw8HzjREGowAEuJ95A7VMGl6ZgpZ57goeZtv7WvcAYxYGfKSPazCErO5wgg%2BtVKvBH1A%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-goog-custom-time
1970-01-01T00:00:00Z
x-goog-generation
1588777770164783
x-goog-hash
crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-meta-
x-goog-metageneration
3
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1681
x-guploader-uploadid
ADPycds-8sQtq3wpa_8FZA4_lJm2l0V1rVRE94pQrLxNSzcoOyWFTKcSCQQ1tfbcjuocIbHYIVQdYrNUUHn7EVvK_wY
ThirdParty
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/.gSBgiDQ/i/vCAv.IAAAAAoAA/r:types/ Frame 9CBF 		35 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/.gSBgiDQ/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
48cab163ff0e9b0d1181e52187d68e1bc909972b5f690b4a2bec7b20b8ff16f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:48 GMT
content-encoding
gzip
last-modified
Wed, 27 Jul 2022 07:02:09 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Wed, 24 Aug 2022 04:19:22 GMT
rs
ad4m.at/ Frame 9CBF 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/rs
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65de1fa7bd550c89dd059d0abc6ba885b8812dd5c0a33846690ebec82e2c77b6

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json

Response headers

cf-ray
73efecc218b090a9-FRA
date
Tue, 23 Aug 2022 01:02:48 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2C5t3iVD9ItaGBCasQ2zobnfvhY30g6eZWNtweuU0gJySacQuNYO1%2B6QyjJfThfstspjbYVm2vxsb7rEhQL%2BgqsEH0XZYU2zUG2tDnI7acTC3iP3yXk9FKR%2BBAzRe1hzagyayb0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials
true
content-encoding
br
x-backend-server
aa-reachservice-group-europe-west1-h8v1
rs
ad4m.at/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/rs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin
https://securityaffairs.co
access-control-max-age
1800
allow
HEAD,POST,GET,OPTIONS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
73efecc1e8a090a9-FRA
content-length
24
content-type
text/plain
date
Tue, 23 Aug 2022 01:02:48 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qw85NVJKmPxlR%2Fy51Uby%2ByHv6TWmStAP8y8Q80QeVt9q37RBERht0PxN0V%2FBEZS01isw5qOXfH1Ola6cx5AGL7DDAUsy9JBl8aS6WzJmTw8x6kzb%2BK%2FBH8fwjiemZnBlWiul%2Ffc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google
x-backend-server
aa-reachservice-group-europe-west1-h8v1
rar
as.ad4m.at/ad/ Frame BAF2 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
888821f71641db53455eec1ff33d6405106c4e88eb0be9bfcfeaff4aa2ebef48
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
73efecc2692abc01-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Tue, 23 Aug 2022 01:02:48 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
default.css
as.ad4m.at/ad/style/0.1.21/one-ad/ Frame BAF2 		84 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/style/0.1.21/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a57b918c3515ced748a8b0d297202db9b15fefd82acfddaf11f977761407b2ad
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:48 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age
309901
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=86749
surrogate-control
no-store
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=86400; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Aug 2022 10:57:47 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
x-download-options
noopen
content-type
text/css; charset=utf-8
expires
0
cache-control
max-age=3600, must-revalidate, proxy-revalidate
cf-ray
73efecc29b9a9107-FRA
cf-bgj
minify
D47CDCC9ED573A7F0FC36327ED81D34D2A7FA777C24CB1FAB8DA54E6096BD3354B83AFD196FFC0C0A80FA860C3BE4240952C98421D5A9707BD98799011452967
assets.ad4m.at/logo/ Frame BAF2 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/D47CDCC9ED573A7F0FC36327ED81D34D2A7FA777C24CB1FAB8DA54E6096BD3354B83AFD196FFC0C0A80FA860C3BE4240952C98421D5A9707BD98799011452967
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab284bb4630bba786de179717df91dbee93cc78defd7e6e8b116c82be1313a8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=Br2Brw==, md5=hMyAjBI5uoUAEWWpA7ZhZw==
date
Tue, 23 Aug 2022 01:02:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
441292
cf-polished
qual=85, origFmt=jpeg, origSize=66696
x-guploader-uploadid
ADPycds9Rp6rqVgLeakTUKFwEV5I-jCkgCq7Xa_0Ulyz_XVKn5V9La2wrxS1uQtTZIob5fpPPTKCckrTrPu3XwtX6vtTjA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17556
last-modified
Mon, 09 May 2022 11:56:32 GMT
server
cloudflare
etag
"84cc808c1239ba85001165a903b66167"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CfyARljyi%2BE6by8nxlc%2Fw8enGBthaKzlp0kOp4HFM0Z1Lq8U0qA8sN%2FoojSjugyCNdx9RUH%2F61oc%2FHwhJAbivMmJC33W6PI61pjTs1fo28AWRws4or60P%2FtJk%2B2xqkltKsz2Ky01yoMK3wWk"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1652097392526772
content-type
image/webp
expires
Wed, 24 Aug 2022 01:02:48 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
66696
accept-ranges
bytes
cf-ray
73efecc2b95dbc01-FRA
cf-bgj
imgq:85,h2pri
7558552568825531EDEE804B1F6882A532B8A70DBF2ACADD7C127BC7F1EEB9F636C6B7BC23251B7AF4A4A304A43566C99FB836C00491A9CBB644A1BAF96AD5AE
assets.ad4m.at/product_image/ Frame BAF2 		98 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/7558552568825531EDEE804B1F6882A532B8A70DBF2ACADD7C127BC7F1EEB9F636C6B7BC23251B7AF4A4A304A43566C99FB836C00491A9CBB644A1BAF96AD5AE
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be3506e558922d62b5e4e4cc432dc890cebdee4fb9779485d505fd8793fa469c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=/FFg7g==, md5=yCa4XLa+IMHmbKT39v1eGg==
date
Tue, 23 Aug 2022 01:02:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
443591
cf-polished
origFmt=png, origSize=164457
x-guploader-uploadid
ADPycdtdRkeqQVUvz0TxViURYh8X5Hi0w_afsQa7fEtFgX83O5nVjkRPHymn2QdEPvGFwlET9a247reIHY427dJKR0AfvmGzlY6w
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
100446
last-modified
Fri, 06 May 2022 08:44:45 GMT
server
cloudflare
etag
"c826b85cb6be20c1e66ca4f7f6fd5e1a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=36cH9MWa160cvL%2FcR2tICRyoq1CX94vSTHPSfBht9Bq%2FKKa4WUjtfn0GtW4PXxPb17SW1P4%2Ftgu0PGlYNQYcFgeNr%2F%2F3E2zHRApT35%2BXme8QbYMKjaIK98bGM8aBdwDbvfIU44aeKOOMOgNU"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1651826685474440
content-type
image/webp
expires
Wed, 24 Aug 2022 01:02:48 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
164457
accept-ranges
bytes
cf-ray
73efecc2b95ebc01-FRA
cf-bgj
imgq:85,h2pri
csp.php
vfd2dyn.vodafone.de/csp/ Frame BAF2
Redirect Chain
  • https://private.vodafone-affiliate.de/tpv.php?t=112510V1175122964M&cons=&subid=oneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://m.exactag.com/ai.aspx?extCa=707&extTcm=AffDisPer12218C|NonCpoNon|fq0gen&url=http://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082303024875218107569X112510V1175122964MSoneid...
  • https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082303024875218107569X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affili...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082303024875218107569X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Server
3.69.216.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-69-216-1.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy
cross-origin
Connection
close
X-ET-Monitoring
1
Content-Length
0
X-Xss-Protection
0
Pragma
no-cache
X-ET-Code
0
Last-Modified
Di, 23 Aug 2022 01:02:49 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 23 Aug 2022 01:02:48 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/html; charset=iso-8859-1
Location
https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082303024875218107569X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1756
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame BAF2 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=GwuURg==, md5=tDQuJ3xDqtnFAgoEVkv9Hg==
date
Tue, 23 Aug 2022 01:02:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
443549
cf-polished
qual=85, origFmt=jpeg, origSize=58124
x-guploader-uploadid
ADPycdvrDQVe-WrX1aRr7VuDl3VRkTp790P-SoBthP3QKjqgnmkBkJ2U2PI4N2wNwYWzFm9HbNQZ8k1Yey_3-LPHtNOS
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9782
last-modified
Fri, 08 Jul 2022 10:19:52 GMT
server
cloudflare
etag
"b4342e277c43aad9c5020a04564bfd1e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AskJAXfBAgOmR59NQvJjqEkii3yuYq3BAI2jr31scJInWze29f3xYrwGxjeYMoyL8GGa6gtxcRPu6S%2BLoHAm2l75EAjhKbLj28KcZsKLNPDiJ3wugo0dSGwBcnjIACue5brvj23X6AwmPLTd"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1657275592908471
content-type
image/webp
expires
Wed, 24 Aug 2022 01:02:48 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
58124
accept-ranges
bytes
cf-ray
73efecc2b962bc01-FRA
cf-bgj
imgq:85,h2pri
CD344C7198208A9A5F740F476AC3F2335508D7627FCE5B0F39A1436D67E60AB1E86775C9CFAD06EEACFED0D65DCA993D91C20CCA09713249CF6834EEECD25F41
assets.ad4m.at/product_image/ Frame BAF2 		382 KB
383 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/CD344C7198208A9A5F740F476AC3F2335508D7627FCE5B0F39A1436D67E60AB1E86775C9CFAD06EEACFED0D65DCA993D91C20CCA09713249CF6834EEECD25F41
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25cbb0598f62d55b16729065a0955ce9efcdfb096c7f11fec31e731dcfa11e8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=d5mymQ==, md5=bWiWSMa0+LV8pKw7Fyjaew==
date
Tue, 23 Aug 2022 01:02:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
438037
cf-polished
origFmt=png, origSize=588465
x-guploader-uploadid
ADPycdvnCtQ1iBS4nW9kOcQXMISPPGXcgSELVWK0TvUddq6oJNpTyJSTdXuZiOIhPVrpncr79Whzn8Pqj9fokZw9xzTcD0QiTGXf
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
391402
last-modified
Fri, 22 Oct 2021 09:31:50 GMT
server
cloudflare
etag
"6d689648c6b4f8b57ca4ac3b1728da7b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=okZcKinfvqKH%2BBuyNwh0U3fblyija7b%2FTKUgvZUeJp%2BiNLpZ4hI1%2FPvtWJ2m8rryNidaUE61n8zLuspyFMQL%2Fcw3YEpYFhimw84dglo3%2FEMiPdK1bmR82CeGBAxS1h425Gneh54FkD8%2BHNIt"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1634895110632642
content-type
image/webp
expires
Wed, 24 Aug 2022 01:02:48 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
588465
accept-ranges
bytes
cf-ray
73efecc2b95fbc01-FRA
cf-bgj
imgq:85,h2pri
view.aspx
pb.media01.eu/ Frame BAF2
Redirect Chain
  • https://pv.medialead.de/trck/epv/2aed39855b5f46b7d90f959867be60f8?t=htlp&subid=oneidj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9oneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9oneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&pr...
0
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9oneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&produktid=&dt_url=
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:47 GMT
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 23 Aug 2022 03:02:48 GMT
server
Microsoft-IIS/10.0
access-control-allow-methods
GET,POST
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 23 Aug 2022 01:02:48 GMT
Server
nginx/1.17.5
Host
pv.medialead.de
X-IPLB-Request-ID
515F0525:C0D4_91EFC182:01BB_63042738_200F669:1F22B
X-IPLB-Instance
40028
Strict-Transport-Security
max-age=15768000
Content-Type
application/javascript
Location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=oneidj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9oneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&produktid=&dt_url=
Keep-Alive
timeout=20
Content-Length
0
Proxy-Host
pv.medialead.de
CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
assets.ad4m.at/logo/ Frame BAF2 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7024493525030ecd098ce0dcb2f0aea839373775120b40580028137b1d125ac9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=kzpU3g==, md5=rZM0ZkUU2QCgw7dtF8qWDw==
date
Tue, 23 Aug 2022 01:02:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
439415
cf-polished
origFmt=png, origSize=39979
x-guploader-uploadid
ADPycduI9pzYtS2XMEgAuwqxJpxUYssOaJ_FX-FV14HHsHxYs6-RmaRvCIRKnRDRLoKK9_x9SK1o1g0N7npM3mc-Yd4ZWQpj5QW4
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15996
last-modified
Wed, 22 Jan 2020 13:07:55 GMT
server
cloudflare
etag
"ad9334664514d900a0c3b76d17ca960f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tsyHLpjh1qZafu6tEQE5iPJSEZtNqtF9sLLAn8eQSNiVUV8UQogxmuK1vBPU%2BLbSbGsdGZG1Xtz5a%2BUlI09XafF4OshuI87b2MJ%2B%2FLbkgaaAqSZ8yv0PA7cy59rDrzmM%2FCONRkII4S%2Bof65u"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1579698475785088
content-type
image/webp
expires
Wed, 24 Aug 2022 01:02:48 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
39979
accept-ranges
bytes
cf-ray
73efecc2b960bc01-FRA
cf-bgj
imgq:85,h2pri
EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame BAF2 		222 KB
222 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bfc7d34cd8bc7df36a984d6f3da50799752e33c48bbf07a4a1ee959b51476d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=KioGiw==, md5=gsfeD0L/Vf3QrMB3MWZAMQ==
date
Tue, 23 Aug 2022 01:02:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
439272
cf-polished
origFmt=png, origSize=342797
x-guploader-uploadid
ADPycdtS9bEloiUoLUZo-opR_Bp7PfZmi2qQfgYBQMQo3om04r5Mi9z25kyQLP4qGJcacPAYcSeDCutv0SDVii0fTLT6zDwe23Lz
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
226950
last-modified
Wed, 15 Jun 2022 14:01:11 GMT
server
cloudflare
etag
"82c7de0f42ff55fdd0acc07731664031"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9AHtefYy%2BaPy4qd%2BJYOyQfAJ0mm0nuMQA8VFmjcM4rBJc8ihfdUMPrSNVb7%2FwLfa7DD%2BAOiaLmarVgeKGdpVatyD9d3%2B2wl95k40zwCnzCEJlhhGw5WN%2F0kjJp8gt0MTTQYIMXWxqf%2FjqzO"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1655301671870263
content-type
image/webp
expires
Wed, 24 Aug 2022 01:02:48 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
342797
accept-ranges
bytes
cf-ray
73efecc2b961bc01-FRA
cf-bgj
imgq:85,h2pri
ztpv.php
www.conrad.de/ Frame BAF2
Redirect Chain
  • https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://www.zenaps.com/cshow.php?pvr=4e58b220-227f-11ed-89c6-2237875fe73c&v=11354&r=412871&q=377129&s=2470185&viewref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDea...
  • https://www.conrad.de/ztpv.php?awc=11354_412871_1661216568_4e58b220-227f-11ed-89c6-2237875fe73c&insert=AW&&gdpr=0&gdpr_consent=
0
727 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.conrad.de/ztpv.php?awc=11354_412871_1661216568_4e58b220-227f-11ed-89c6-2237875fe73c&insert=AW&&gdpr=0&gdpr_consent=
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C15579%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=728&d=90&e=&g=56ea9913dbf08ee45efaabdfea351ea7%2F17948389842677730135&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661216568676&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104562%3Bcrtbwp%3D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%3Bcrtbdata%3DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f133736%252fmalware%252fdsirf-behind-subzero-malware.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Server
2606:4700::6812:7e05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 23 Aug 2022 01:02:49 GMT
via
1.1 varnish (Varnish/6.6)
cf-cache-status
DYNAMIC
server
cloudflare
age
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
p3p
policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
content-type
text/html; charset=UTF-8
content-encoding
br
cache-control
no-cache
x-varnish
501367891
server-timing
intid;desc=ba38db99b32b83e9
cf-ray
73efecc53fbf9280-FRA
expires
-1

Redirect headers

Date
Tue, 23 Aug 2022 01:02:49 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location
https://www.conrad.de/ztpv.php?awc=11354_412871_1661216568_4e58b220-227f-11ed-89c6-2237875fe73c&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Length
0
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:48 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 25 Aug 2022 01:02:48 GMT
pixel.gif
px.moatads.com/ 		43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fas.ad4m.at%2Fad%2Frar%3Fa%3D188906%252C15579%252C14019%26b%3D4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%252Cj4YCEfGfbB2aYHEH2t6tWmGaZSzTMGS9%252CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA%26f%3DrBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%252CxM7tQfAfMxpsPHdHztDCqWgS7S6TgxaA%252CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr%26c%3D728%26d%3D90%26e%3D%26g%3D56ea9913dbf08ee45efaabdfea351ea7%252F17948389842677730135%26i%3D75451%252C26474%252C21596%26j%3D22%252C41%252C16%26k%3D0%26l%3D0%26m%3D0%26n%3D%26p%3D%26q%3D%26o%3Dadf_Netmix_Reach09_Mweb_KreiselDeal%26r%3D1661216568676%26h%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D37104562%253Bcrtbwp%253D0.074838-uxdQnHF2lQEJAdULupjElawhbuXXKDvH0%253Bcrtbdata%253DM9-Z3hVKlYRKxUEL0ElfocjgRHedBHg2ef0GNRsc8peltd8aI1YbmGs5W22QUdBXMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKk318h3KExEobsrkpnf8kPkGnhAt96TPb1EV3PoH3iK8-VcmtUnLZaG8GBQ6jzMNYga6vvGz7RJ9VK_XO0KT6NLigyuMOc5_7Qm0dcCNkpUTqqh1hsJb1lLHsUeW1F3wxGVOR-lTG9rcodX0EX7r43BWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%253Badfibeg%253D0%253Bcdata%253DuTUMTIKLg7ASc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8bJyGcorp7hXsNoAr1I6LcPvtyo_bT1dqtHDiC3SsNMbT94cYkuPdDRa4WrCE8ovGnzIQIhGdsVEJholTa4zbQ2VA_gM4f-k2E-t0Sgi-O6BY6OsOKllYCzjuOiLq4yCDS0%253B%253BCREFURL%253Dhttps%25253a%25252f%25252fsecurityaffairs.co%25252fwordpress%25252f133736%25252fmalware%25252fdsirf-behind-subzero-ma&i=EMX_SSP_DISPLAY1&ol=1549293663&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CC%24%3D!!tmxgk3M%5EIz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-EpoJRKfKKwuoQf5FQ6VoADQFd0C73LuhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-9jTEEAlWe0wLgg%3D%3D&sc=1&os=1-RA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&id=1&ii=4&f=0&j=&t=1661216568513&de=797057097966&cu=1661216568513&m=565&ar=1da355aa18f-clean&iw=43787e0&cb=0&ym=0&ll=3&lm=0&ln=1&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4700&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A2485%3A2596%3A2730%3A2491&as=0&ag=76&an=0&gf=76&gg=0&ix=76&ic=76&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=76&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=151&cd=0&ah=151&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=1323%3A9508%3A82818%3Aundefined&bo=securityaffairs.co&bp=&bd=&gw=emxsspdisplay905071498485&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=199703&na=1388105754&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-169.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62
8096267
date
Tue, 23 Aug 2022 01:02:49 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
pragma
no-cache
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 23 Aug 2022 01:02:49 GMT
/
imp.emxdgt.com/view/ Frame 9CBF 		0
129 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imp.emxdgt.com/view/?cp=0.06960&ts=1661216563&seat=70&w=728&h=90&pb=0.05568&sid=9508&tid=82818&pid=1323&uid=68411661216562783682f1&wid=21&dom=securityaffairs.co&tp=0.06960&mt=1&dt=2&st=1&os=&ip=81.95.5.37&sz=&country=DE&region=BY&city=Hof&zip=&dma=&agency_id=&cluster=euro-hb&browser=chrome&rf=securityaffairs.co&data_fee_type=&data_fee=0&clstr_nm=header-bidding-euro-4&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.5112.101%20Safari/537.36&make=&ifa=&adom=ad4m.at&cat=3&gdpr=1&crid=70_37104562&burlv2=aHR0cHMlM0ElMkYlMkZnaGVudC1hd3MtZnIuYmlkc3dpdGNoLm5ldCUyRndpbl9ub3RpY2UlMkZlbXhkaWdpdGFsX2JpZCUzRnJpZCUzRE1mRWdLMnhPSFJRSW42aEFJLXo3V1FHU216RjBQWG1pUG82aVV5WHNUc2RWamdVQmZHR24wNi1ycE4xb3Y3bUVFR2trV3dxanVKUVJHcFNqY2Y0a0pxbkxvak0yUGJ5T09ESk9HUGVmNVFEeFg0TFpDREdlM2duUzM2OHBhb2RVYUI1NUpsaDhnbFpPQnBoejNVQ21mZHhmYVNTM29XOGJnWlVXZDdqLThVTjgtTGFUd1puOVVnbVhzWFI3VWJIMUtwbUtnUnFmOUFELTBmOV8tbzBKLXRzMWw2MnRPWjgyNWVHWnpmLTlTSVBaNHpqMWQ0RlBsdkVqbWxYcHZLNF9MN0VYNkRMaEhPNXVnZXQycVdYRWJEbzg4UWRoTDVNcG9idXFqb1NZS0c2YlNDbWtFWUxSRDN4OGxSUEJwWVN5SHJRbUdEZUliYUhCNzZMdVRpOHRxSkNlbDlmYzFTMk9teTNJRGlEV2NLQVk5WGNneTNfTmxCYzQxRlhPZE1meGVyX0tpRjhSUjZvbG5jRkpfMmVVT2xuaUJRSThtVXd4QUdfamVIdktmbUk2Vlp5eTM3WHIwMHBFektvMXdaT1p3UjlKM2RlVDdiTXJzSTJRTlpIY1FELWdaanFPNS1tU1NHR3JRbDAyS3BEYUpCbm43TGJBN0ZFYVBmVktiN2xWWlhXQnFUczhYOUJQYVo0c1VfWWVuMkU2R1NiaTlCUFBnTGwyWUp5WUs2bko4Z3FRekxDYWZZTlRRN0hhbGU2YlVNR3VNaTd1TncwVXJmdzBzMXZrY0lXR3NtdVlGNjNoRm95UTl6ODRObElFWVJPNDRhZkNWOEtjQTgwU0pMN284RTJDbEp1dVVaSjBXT1phYnRudk5aWVFVZUJWdXZJQ3J4ekczT2dGZU02cHBQU3B0VUNYcUVHempZdnBPeXBBcDU5NUVKdWVqbFRQZmhIUE1MVUpSanpnb3p6dURFVUFobUN0bjMzTlc4UDR0V3dRbU5IUlhsX1hPdXBvYmkzSlZUX2ROVHg4RmxMT0JySzN4SXpKb2JGZ2FxNmRNbU92NEFtVTdMT0xQV2RHbG5sMEpzTHFsc1dLN2RZb3NrV0lFQnEyM2JDS2I2Wm15WGE1d2c4ZjdqZTlyTHJfREVGZjhOWTVWN2RkVW9hRGhfWmpEdU13MGJUNTFkclFiZU9xZHdITEVhb19pQ0pVWW5NcWxlczJ4ekx5Uy0tZDVfWjNTSDFCU1dTa0Roa1BaRWVkWlFkQktRUVhnSmslMjZwJTNEJTI0JTdCRU1YX0JVUkwlN0QlMjZhaWQlM0Q=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.234.101.191 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Tue, 23 Aug 2022 01:02:49 GMT
Connection
Keep-Alive
Content-Length
0
Content-Type
text/javscript
pixel.gif
px.moatads.com/ 		43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=EMX_SSP_DISPLAY1&ol=1549293663&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CC%24%3D!!tmxgk3M%5EIz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-EpoJRKfKKwuoQf5FQ6VoADQFd0C73LuhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-9jTEEAlWe0wLgg%3D%3D&sc=1&os=1-RA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&id=1&ii=4&f=0&j=&t=1661216568513&de=797057097966&cu=1661216568513&m=1613&ar=1da355aa18f-clean&iw=43787e0&cb=0&ym=0&ll=3&lm=0&ln=1&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4700&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A2485%3A2596%3A2730%3A2491&as=1&ag=1132&an=76&gi=1&gf=1132&gg=76&ix=1132&ic=1132&ez=1&ck=1132&kw=1006&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1132&bx=76&ci=1132&jz=1006&dj=1&aa=1&ad=1032&cn=0&gn=1&gk=1032&gl=0&ik=1032&co=1032&cp=1006&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1006&cd=151&ah=1006&am=151&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=1323%3A9508%3A82818%3Aundefined&bo=securityaffairs.co&bp=&bd=&gw=emxsspdisplay905071498485&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=199703&na=96959717&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-169.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62
8096267
date
Tue, 23 Aug 2022 01:02:50 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
pragma
no-cache
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 23 Aug 2022 01:02:50 GMT
pixel.gif
px.moatads.com/ 		43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=EMX_SSP_DISPLAY1&ol=1549293663&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CC%24%3D!!tmxgk3M%5EIz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-EpoJRKfKKwuoQf5FQ6VoADQFd0C73LuhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-9jTEEAlWe0wLgg%3D%3D&sc=1&os=1-RA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&id=1&ii=4&f=0&j=&t=1661216568513&de=797057097966&cu=1661216568513&m=1614&ar=1da355aa18f-clean&iw=43787e0&cb=0&ym=0&ll=3&lm=0&ln=1&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4700&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A2485%3A2596%3A2730%3A2491&as=1&ag=1132&an=1132&gi=1&gf=1132&gg=1132&ix=1132&ic=1132&ez=1&ck=1132&kw=1006&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1132&bx=1132&ci=1132&jz=1006&dj=1&aa=1&ad=1032&cn=1032&gn=1&gk=1032&gl=1032&ik=1032&co=1032&cp=1006&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1006&cd=1006&ah=1006&am=1006&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=1323%3A9508%3A82818%3Aundefined&bo=securityaffairs.co&bp=&bd=&gw=emxsspdisplay905071498485&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=199703&na=1082231034&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-169.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62
8096267
date
Tue, 23 Aug 2022 01:02:50 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
pragma
no-cache
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 23 Aug 2022 01:02:50 GMT
pixel.gif
px.moatads.com/ 		43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=1&rk=1&tk=0&ak=-&i=EMX_SSP_DISPLAY1&ol=1549293663&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CC%24%3D!!tmxgk3M%5EIz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-EpoJRKfKKwuoQf5FQ6VoADQFd0C73LuhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-9jTEEAlWe0wLgg%3D%3D&sc=1&os=1-RA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F133736%2Fmalware%2Fdsirf-behind-subzero-malware.html&id=1&ii=4&f=0&j=&t=1661216568513&de=797057097966&cu=1661216568513&m=1615&ar=1da355aa18f-clean&iw=43787e0&cb=0&ym=0&ll=3&lm=0&ln=1&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4700&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A2485%3A2596%3A2730%3A2491&as=1&ag=1132&an=1132&gi=1&gf=1132&gg=1132&ix=1132&ic=1132&ez=1&ck=1132&kw=1006&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1132&bx=1132&ci=1132&jz=1006&dj=1&aa=1&ad=1032&cn=1032&gn=1&gk=1032&gl=1032&ik=1032&co=1032&cp=1006&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1006&cd=1006&ah=1006&am=1006&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=1323%3A9508%3A82818%3Aundefined&bo=securityaffairs.co&bp=&bd=&gw=emxsspdisplay905071498485&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=199703&na=1523385756&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.47.209.169 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-47-209-169.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62
8096267
date
Tue, 23 Aug 2022 01:02:50 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
pragma
no-cache
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 23 Aug 2022 01:02:50 GMT
/
track.adform.net/serving/unload/ Frame 9CBF 		35 B
470 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/serving/unload/?version=15&unload=5811457281666223727@@37104562,6466233863768564937,100|1100|0|0|0|0|0|0|0||38|0|||||1|0|0|sf_Z6kZLdR648M5tcwHHbeRu7VCMUfeRELV5wljFk5uI7Lhwl_UMLhhpnBRkvb3lA7z_uuw_WOM1|||11|0|0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 23 Aug 2022 01:02:50 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
sync-tm.everesttech.net
URL
https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D657abbc5-c17d-4d8c-74f1-339b1274ef87%26reqId%3Df1a1bbda-0dfa-440c-7176-83ea04198e9a%26zdid%3D1361
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/show_ads.js

Verdicts & Comments Add Verdict or Comment

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ string| GoogleAnalyticsObject function| ga object| dataLayer object| _mN function| logFailoverPing object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| twemoji function| st_go function| linktracker_init object| wpcom object| wp string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed boolean| isPending string| prebid_file function| findCMP_PixFuture object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager object| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet function| onYouTubeIframeAPIReady object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| Moat#G26 boolean| Moat#EVA object| MoatSuperV26 object| Adform

80 Cookies

Domain/Path Name / Value
securityaffairs.co/wordpress/133736/malware Name: dt
Value: 2022-08-23T01:02:48.502Z
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _gid
Value: GA1.2.1776779863.1661216562
.securityaffairs.co/ Name: _gat
Value: 1
.agkn.com/ Name: ab
Value: 0001%3AmjZgl%2FZD7cflfIOjd1aw7f%2FO04VS2Q2t
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1661216562.1.0.1661216562.0.0.0
.securityaffairs.co/ Name: _ga
Value: GA1.1.2030666481.1661216562
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.securityaffairs.co/ Name: _pubcid
Value: 9afbc73b-f7d5-4dfc-bc4e-8b08e51d6dd6
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2IlahKG$U!]tbP6j2F-XstGt!@DP:$aoBB
.adnxs.com/ Name: uuid2
Value: 7779825215707672497
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-08-23T01%3A02%3A42%22%7D
.rubiconproject.com/ Name: khaos
Value: L75HG7F9-9-LNLQ
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qrTRQgr7/DNf14C1LCtWBX9mfsNIvv6Qtp0kTU4st2MubC1Z8BsCXxm5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
ads.us.e-planning.net/ Name: CT
Value: 1
.securityaffairs.co/ Name: cto_bundle
Value: dPji_F8yc0lRZjhhUnBtMmt4Q1k4T3BRb3JUTEtQblpBWFd4RHgzZk5pNFhkVmJYd0hsUkxsWCUyQmpwd0Q5eG9Rd04lMkJwaExWVGdudUszUU0lMkY2ekEzRkw4TTBBNndSMndXQjdNQWpsVTMyTEpDVXpIVEU4RUFOJTJGWWdUY21jN3dNTlFFenFy
.securityaffairs.co/ Name: cto_bidid
Value: o9HkZl9uUFBsa2t1bk5NVlh6M2QlMkJvQ0dOd1dMWW5aaUxDeGZVOTFIQTBrNHRyQW1QU05xR3lCWVRSSiUyQm1hMFRIeXVQd205Y0JhTXo2TEhOR1JTclV5b1hFb3clM0QlM0Q
.e-planning.net/ Name: E
Value: AA6PiF2-OTdaFRH2
.zeotap.com/ Name: zc
Value: 657abbc5-c17d-4d8c-74f1-339b1274ef87
.zeotap.com/ Name: zsc
Value: %8D%17%D7%B6%CDS%D2%0B%BA%AE%EF%B1N%83W%B2N%BB%DF%DE%A6%F6%E8%3C%8C%96%B69%CCh%3F%13%40%13%D9%18%B2%7D%A7%2F%3DR%CA%9F%26%ACG%60~%2F%DB0z%EA0C%18%0E%9C%D8v%24i%9D%E1%23%AFu%137%DB%BD%F9%26%E0%B5%EE%83%B6%9B%9BV%87R%A6%C97%12%15w%EB%11+%C70%22%ED%96CZ%19%94SwZ%BC%98%91%0B%8Ax%9D%3Bz%16%C4f%B3%A37i%BE%1A%F3%0Bj%CB%CA%0C%2A%F7GK%00W%3D%19i%02%B5%02+%05%5D%D8%5C%FCs%E5%86CJc%C2B%C5T%9E%86%A1%18%02%21%CC%A0%11%3D%1E
.casalemedia.com/ Name: CMID
Value: YwQnM2UlIhxPnAzDgoUIbAAA
.casalemedia.com/ Name: CMPS
Value: 5172
.go.sonobi.com/ Name: __uih
Value: 1
.tapad.com/ Name: TapAd_TS
Value: 1661216563229
.tapad.com/ Name: TapAd_DID
Value: 4415b4b3-bb77-4eb3-91b9-88b3940bd3c1
.go.sonobi.com/ Name: HAPLB8A
Value: s8533|YwQke
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.casalemedia.com/ Name: CMPRO
Value: 1176
.casalemedia.com/ Name: CMST
Value: YwQnM2MEJzMA
.casalemedia.com/ Name: CMRUM3
Value: 2d6304273305a0&27630427330b40&416304273305a0&c46304273305a0&f16304273305a0&116304273305a0&9c6304273305a00&e6630427332760
.adfarm1.adition.com/ Name: UserID1
Value: 7134870809663699093
.weborama.fr/ Name: AFFICHE_W
Value: 3uan9X3b2yfe20
.doubleclick.net/ Name: IDE
Value: AHWqTUnNpORmoEzcMPiOoCDjhSPC3jFY9rHwkIVySKtfWATZTy0S3ksMpvFqhjui3-A
.theadex.com/ Name: axd
Value: 4303466672805412041
.theadex.com/ Name: tis_agL
Value: agLeAo4z
.tidaltv.com/ Name: tidal_ttid
Value: 465c6e62-b2b2-41ac-9851-19665f6e0631
.richaudience.com/ Name: avcid-zeo-uid
Value: 657abbc5-c17d-4d8c-74f1-339b1274ef87
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NjK0sDK0MAIAjH390AkAAAA="
.demdex.net/ Name: demdex
Value: 39569792789410797180614719976620002799
.dpm.demdex.net/ Name: dpm
Value: 39569792789410797180614719976620002799
.krxd.net/ Name: _kuid_
Value: PCMl1rb2
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQUE2UGlGMi1PVGRhRlJIMiIsImV4cGlyZXMiOiIyMDIyLTA5LTA2VDAxOjAyOjQzLjU4MTM5OTE1MVoifX0sImJkYXkiOiIyMDIyLTA4LTIzVDAxOjAyOjQzLjU4MTMxNTMwNloifQ==
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-a9e4c4aa-9059-33bd-a57e-9415d72d0a6f
.casalemedia.com/ Name: CMTS
Value: 5155
.yahoo.com/ Name: A3
Value: d=AQABBDMnBGMCEIqVnzzwi3NBAmU2aHeo9A4FEgEBAQF4BWMOYwAAAAAA_eMAAA&S=AQAAAlNPh-jw-8jNYSJoqPq5KOQ
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&8d6bf5f7-13e9-47e5-8c86-d06e01309f83"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjEyMTY1NjM7MjswMjG2DDPX9wnaeA5CK2n5QCUFkZVgs1aziLg3UpSFWSf2Nw==
.linkedin.com/ Name: lidc
Value: "b=VGST00:s=V:r=V:a=V:p=V:g=2780:u=1:x=1:i=1661216563:t=1661302963:v=2:sig=AQH0ErojHEyzlnGxRuhCHCdynu43jn9O"
.amazon-adsystem.com/ Name: ad-id
Value: A7oc0pKGMkT_rhz7bkaNZ8M
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.mathtag.com/ Name: uuid
Value: 98066304-2733-4000-bf11-d38943c8bf93
.fwmrm.net/ Name: _uid
Value: "o003d_7134870813954022011"
.securityaffairs.co/ Name: __gads
Value: ID=6bb7e427d00dc554-222eb22b00ce0057:T=1661216566:RT=1661216566:S=ALNI_MZK3ZWVCu4HTkr2L_427UP0XA6w4A
.securityaffairs.co/ Name: __gpi
Value: UID=00000aee43b306ef:T=1661216566:RT=1661216566:S=ALNI_MaLbQI1GsY0xrSNPLlNu8NZSZt3Gg
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 5811457281666223727
.bidswitch.net/ Name: tuuid
Value: ec114a7e-ca7b-45de-849b-1d5d42cf682a
.bidswitch.net/ Name: c
Value: 1661216568
.bidswitch.net/ Name: tuuid_lu
Value: 1661216568
.adform.net/ Name: TPC
Value: 1661216568418
private.vodafone-affiliate.de/ Name: PHPSESSID
Value: 39ns39d5bhhoo2n4jeavdt72gk
.vodafone-affiliate.de/ Name: ppv1175
Value: 2022082303024875218107569X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal
.awin1.com/ Name: awpv11354
Value: 412871|1661216568|4e58b220-227f-11ed-89c6-2237875fe73c
.awin1.com/ Name: AWSESS
Value: 377129:2470185
pb.media01.eu/ Name: ASP.NET_SessionId
Value: pik5vvtlhrkrb1ps0cw3nd3v
pb.media01.eu/ Name: DTU
Value: 067573159FEB4E8D21BA237234E02A3C
m.exactag.com/ Name: exactag_new_gk
Value: 9de074915cfd486faca486731595a3c6%7c22.10.2022+01%3a02%3a48
m.exactag.com/ Name: exactag_new_uk
Value: 0b081b88346645f99289704491d6dc18%7c
m.exactag.com/ Name: session_session
Value: 7f393d7158724a73bc6a2350
.vodafone.de/ Name: oshop
Value: queryparams||b_id||1744||queryparams||shopid||2586
.zenaps.com/ Name: awpv11354
Value: 412871|1661216568|4e58b220-227f-11ed-89c6-2237875fe73c
.zenaps.com/ Name: AWSESS
Value: 377129:2470185
www.conrad.de/ Name: HTLP_timestamp
Value: 1661216569
www.conrad.de/ Name: CEAffHA
Value: YD
.www.conrad.de/ Name: __cf_bm
Value: Lfg5Y3mrugJ..a9jWk.WxHcHBjRQbtsSwINgMsHeRRA-1661216569-0-AVtKrUaUoof1jWvCpygWZKRwbT0HkPL253iXdh4/d+FA/4GKEjB8b20nHocxHmPaBz0X1w7l02TKSJkGsVcOhF8=

10 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html(Line 392)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html(Line 393)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html(Line 394)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html(Line 395)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
javascript error URL: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://tags.bluekai.com/site/87734?id=657abbc5-c17d-4d8c-74f1-339b1274ef87&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=657abbc5-c17d-4d8c-74f1-339b1274ef87&reqId=f1a1bbda-0dfa-440c-7176-83ea04198e9a&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad4m.at
ads.pubmatic.com
ads.us.e-planning.net
ads.yahoo.com
adservice.google.com
adservice.google.ru
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
as.ad4m.at
assets.ad4m.at
aws-fr-sync.bidswitch.net
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
bttrack.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
casale-match.dotomi.com
cdn.pixfuture.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
contextual.media.net
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e1.emxdgt.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
ghent-aws-fr.bidswitch.net
google-analytics.com
googleads.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.e-planning.net
i0.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
image6.pubmatic.com
imp-euro.emxdgt.com
imp.emxdgt.com
js.brealtime.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
m.exactag.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pixel-eu.rubiconproject.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
private.vodafone-affiliate.de
pv.medialead.de
px.ads.linkedin.com
px.moatads.com
r.casalemedia.com
region1.google-analytics.com
s.amazon-adsystem.com
s.e-planning.net
s1.adform.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssp.disqus.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.richaudience.com
sync.tidaltv.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
usermatch.krxd.net
vfd2dyn.vodafone.de
vid.vidoomy.com
ws.sharethis.com
www.awin1.com
www.conrad.de
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.zenaps.com
x.bidswitch.net
z.moatads.com
api.rlcdn.com
fonts.googleapis.com
pagead2.googlesyndication.com
ssc.33across.com
sync-tm.everesttech.net
104.17.120.107
104.18.18.126
104.18.19.126
135.125.160.77
137.184.242.150
141.95.98.69
142.250.185.66
142.250.186.98
145.239.193.130
15.197.193.217
151.1.205.165
151.101.193.108
157.90.211.246
176.34.72.130
178.250.2.146
18.156.32.70
18.198.69.109
18.66.15.29
18.66.97.88
185.15.245.82
185.64.189.112
185.86.139.58
185.89.210.122
185.89.210.244
192.0.76.3
192.0.77.2
192.132.33.46
198.47.127.19
2001:4860:4802:34::36
2001:8d8:100f:f000::289
205.234.175.175
212.82.100.182
213.202.235.8
216.52.2.30
23.47.208.212
23.47.209.169
23.47.212.25
23.7.197.114
23.7.201.234
2600:1f16:e61:3f01:ec47:44d4:778:a05a
2600:9000:223c:e400:c:abe:f440:93a1
2600:9000:225e:4600:3:c04e:c780:93a1
2602:803:c003:200::21
2606:4700:10::6816:1957
2606:4700:20::681a:744
2606:4700:20::681a:bd1
2606:4700::6812:7e05
2606:4700::6812:bcf
2620:1ec:21::14
2a00:1288:f03d:1fa::4000
2a00:1450:4001:806::2004
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a02:2638::1c
2a02:6ea0:cb00::2
2a02:fa8:8806:16::1400
2a04:4e42::300
2a04:fa87:fffe::c000:4902
2a05:d018:24:b001:c8ee:3b80:f7b4:fc56
2a05:d018:d29:3605:9ff9:d907:aaf7:c9c8
3.122.84.82
3.124.33.5
3.127.182.213
3.234.101.191
3.69.216.1
3.73.146.93
34.107.148.139
34.111.131.239
34.200.207.25
34.232.108.54
34.250.101.124
35.157.194.177
35.173.74.115
35.227.248.159
35.244.159.8
35.244.174.68
37.157.2.234
37.157.3.30
37.157.6.236
46.249.52.248
46.249.52.249
5.178.65.253
51.15.145.115
51.89.9.253
52.28.203.152
52.28.233.190
52.46.130.91
52.57.150.184
52.57.79.170
52.95.115.255
54.216.202.57
54.73.80.98
67.202.105.22
68.183.31.14
69.166.1.14
69.173.144.138
69.173.144.139
69.173.144.165
70.42.32.255
84.200.5.215
85.114.159.118
88.198.250.30
92.123.17.141
92.123.37.164
92.123.38.97
92.123.9.160
006f93e4ee649b3b71423525ea6e839493b340c885dd87d15d438f22c208e4e9
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
01ae52edde002949eea644b646f484b13d151a8a9416afaa678b112b3b47a80e
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0cc22b1a9c13fecfd7c08e50f7b239a00e0af8252f7fb209a1ab4d2be91639b2
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1063bee0008a93ea8babdc11081152953bc1830049eff6ff7ca98c2682b508ef
115e1f8fa4a1fc831d1ac9780657852c7d1a9f73ea9dc2c8122926f6524fa657
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b
1735fe61d2a5eeb6e73ec0a4c847287023223fe07161e86981a50edb60313128
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18bab6cb803a8316f2f422a84a0b2f24179d5407e42481dc1c816aa056727393
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1c3b03e5926994e506da800bf0eb0258ef86249a50101ddcfa55b012fc297d14
1d102b1ba499ea892a728bd28a23eaecb292b5700cd3f42ace831571977469cc
1dbf1a750e300830f25da7f805b4d3d4a1e0d2fc9b479b298cbb7ac7a7d1cd36
1e521dce475797cfe65f54a0a297c6d27c5952f70edbc78bb955d9e693def68f
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
2353720088a332b63b77eba41fde88c9896e55bbe73c06283d4b0e6cd47a7f38
25cbb0598f62d55b16729065a0955ce9efcdfb096c7f11fec31e731dcfa11e8a
28670e1e4ce70b354f7433130f6b505fcae5329dfce85a08d44e170de64783f2
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6
312aa3314b7efba327e66690f36d2d278a8c220106f3a468b9f0fca2d4246dec
35997cd3caa22192f92391515f9e0f5e517a30ccc1e9c60c1ef4758ace6fce87
373e5b81dbd8b457432edbcdb69e225751c79417f43f70f2cce60b66d353e084
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d85875a1e53af8d9e6ea3c3bf25ff4fe8dc1eb5bcaeb44b2fcc85a9bc47c996
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
48cab163ff0e9b0d1181e52187d68e1bc909972b5f690b4a2bec7b20b8ff16f9
4a0c4062dd4631f83121672154a0aa4d182030a500e4bab908e916339fdca038
4c0288102f5b97dce4d066f0de73765677a05ec9ccf28dcfbe481b087b5e2c7e
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4c8e9154733dee9585a977d6d5f316eccd55234b59b53da37e9070900c4aece1
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
521b009c22f71b3c9e6010779a783f6e7b493cd987a316a202bbd4787da7e491
53c4012d69fd3f16064f76ad2908cbb1e5c5643308c76ae5b12a67c33df95694
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
54e2d0f9b05ccacea68c9b4f158aeaa51e0158205575d4e3d9c423c58f3d29fc
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56ad091dc0dba9ae99229b7d5e94ca2d06cebe2c511a2c58906d7b15604f39e7
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
65cbd405e45281920679a4be1ac6506fef1cc419c633b89c0c234b7e2c0b3b1a
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
65de1fa7bd550c89dd059d0abc6ba885b8812dd5c0a33846690ebec82e2c77b6
67bc099f3dad9e8d407de0f5b2f9b943497ce801a6182c8d22406d8140bd257a
69c1440941c7c1d846fa0d95daf05ad956cfa5dbadaff50fcf06c80494a8b45c
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c4bd366110b72757b6023d9749c0bca82568e79d29f95da657c1e4621e905ce
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92
7024493525030ecd098ce0dcb2f0aea839373775120b40580028137b1d125ac9
71be00d8bb9f7eb68c8d091780ce24b914e5b439a216d40340f7f730ac739a3e
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
75a340a51e6c6ca7451e8ea493becbbffbcf4513e58913dd38a46579ee8b6e7c
76b100bc7a91aa3f8b9740d92ca82af21c52daed2ddd9cf3659bfee0c193b1eb
78a76283c052e7521a90068d1fd670ac68396a6210276f8285581622adf95b20
790b19d3740e2c198ad12fb6ab8318f9bbe84dc40296df54139a3b14df4bfb09
7a6e5c7785b3c9d3032fa6252696214127c545c808875ae8baa950f558e84590
7b3441c3bc50c1d74fb5eadbe331d12884e80a6b13f185f2f9a65321aef8c488
823a363cf39047e9cd6ae2ca8164185c5d70016958afd6cc1e424b8047fcc0a4
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
888821f71641db53455eec1ff33d6405106c4e88eb0be9bfcfeaff4aa2ebef48
8912643221148beed308d86d716e3df63f21c4bad323837a3186406f411fab8e
8b92b8f673590056efabc2f9f6e60c92a7552dd183ea60d450ce05d70a04e842
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e45beb02e31d880817d7d27c126ae92c7c56ab84615c9f9277ee56b9d3128aa
8f94dff235b65488e759488b869b0000a2a17bf9e13f184289795e2ff65a803c
9195f44cc3e67293be8769489ccc1a83e6b9b4129b4e26641ea88990ba5e2eec
93a8cf4884da5c8a1de74f632e86d62d54ac1be48cd6df10a937e9e0f8e905dc
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9bfc7d34cd8bc7df36a984d6f3da50799752e33c48bbf07a4a1ee959b51476d0
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32
9c4ac725c395d8cef3ca43823fdbb4221641e26ec4ccb27020c809760c83653a
9fe5a3055dac69f217de91ce3a40c07006b298297afefd0fd55d524ccb91ace2
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23329b767b748b1e61022539d5179f9c9c70c56e1cc378cddc41c57cf64c08b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a555d376b8e93adce928f60b413685a95fbb16b195147960ba97fe9f99c17f53
a57b918c3515ced748a8b0d297202db9b15fefd82acfddaf11f977761407b2ad
a78d5d54947006c52b6ddb1f6ae32c6541d2150da14dfb368d6940e2f9c17bbd
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff
ab284bb4630bba786de179717df91dbee93cc78defd7e6e8b116c82be1313a8d
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
ab666175aef84b70aaad5fa6cc4ea1b6879a8dad8576f11667206ecf885a5262
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09
b0594d2080de4b628c3ea7e0f143b591e266b111b7d5f676147b7968041988d2
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3d8bcb82d61a3c0b87387b4dcdd2493ea09e7190e2980c6167182ad23cd96d3
b723228fb61c104c9c0038570c74403c8f435269502e43c4fffeb8b4c63de1e1
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
b9b060fea5d40ed1a199f9ffec8eedb296149c1c5289e65818742d16f24f4dc4
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bb836331fe0a3d9389f632440a016296ae78df6a82a201728cb8d77d268bdb38
bdd681451ace45b4f9e4ea032868c87b80da96240a2adb696bd59ed6a238497b
be3506e558922d62b5e4e4cc432dc890cebdee4fb9779485d505fd8793fa469c
be6fba2cfddd59fbb0e7d828866ff32569c2d9c09ea13f9f4e887772b6081b07
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c7c20b92518892021ccf818b022d83228d3b731ebb6a58aff988c0c0fba9bcf3
cc1599a104cfe5f19fbd56f2dc73b4570a97acbea0b9521a5e7dc89a39c5d6d0
ce6957a819011ecc4e63652b3a92ccde4a3f15d2149136c18d7fbb4a48434550
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
dbf2b89e67e65dff8b280e7388709c16e5bc69480dd71f551a68f807a7916fa3
dd8b6ed7e8427914194b1ec8b82b2a789721149a5cfaea15fc9b3f4dc09a9198
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c
e087b94795fc057d189e4f0a024594d45586752b7d32c4aab0750b083a8843a3
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e36d1b915da74311b07e823ef1fb5042554cfa7b3e42d0aabaf3e2af1e195298
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
ebf9218a016a4a06e257c70b58ebef5da0dc3ae22a3e28b9d394e688f54a228a
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
eda8191f9ba76f5caac6877916a84ad731e96464925a7f9225d8a78b73d01240
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f0e73ba958067b3a894a08e369a09d265100749208c34b4f671603a9ed6d9172
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc
f326204657b27672122e93b8ae7b6e1eecad138b6c7c07a2733345faaaae3d8d
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6c04b0274fe3b9afaf6a834aba6585d4b5c8f197831183cf2acdff796dfb0d9
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0
feee053a6a550932e1716966e78cfb37a4dabea49432710365e6c58cb34087f9